The formal analysis and design of control systems is one of the recent trends in control theory. In this area, in order to reduce the complexity and scale of control systems, finite abstractions of control systems are introduced and explored. In the non-disturbance case, the controller of a control system is often generated from the controller of its finite abstraction. Recently, Pola and Tabuada provided approximate finite abstractions for linear control systems with disturbance inputs. However, these finite abstractions and the original linear systems do not always share identical specifications, which obstructs designing controllers (of linear systems) based on their finite abstractions. This paper tries to bridge this gap between linear systems and their finite abstractions.
I. Introduction

In recent years, there has been an increasing interest in the formal analysis and design of control systems. The formal analysis aims to check whether a control system satisfies desired specifications, while the formal design aims to construct a controller for a control system so that it meets a given specification. Early work in these fields is chiefly concerned with stability and reachability [HI, [2]. Recently, more complex specifications have been considered. These specifications may be described by formalisms such as temporal logic [3], [4], [5], (HI, regular expressions [9] and transition systems [10]. Among these, temporal logic, due to its resemblance to natural language and the existence of algorithms for model checking, is widely adopted to describe the desired properties. For example, linear temporal logic (LTL) is used to express specifications of discrete-time linear systems [[HI and continuous-time linear systems [7]. Both Computation Tree Logic (CTL) [4] and LTL [5], [6] are adopted to specify tasks of mobile robotics.

In formal analysis and design, it is always difficult to deal with large-scale control systems because of the complexity and scale of such systems. To overcome this defect, finite abstractions are extracted from these control systems. For instance, Tabuada and Pappas explore finite abstractions of discrete-time linear systems and present some critical properties of linear systems ensuring the existence of finite abstractions [11]. Based on finite partitions of the set of inputs or outputs, finite symbolic models are constructed for nonlinear control systems in [12]. A number of works have been devoted to finite abstractions of hybrid systems [13], [14], [15], [16], [17]. An excellent review of this work may be found in [3].

Finite abstractions play an important role in the formal design of control systems [6], [[T], [[H, [10]. As an example, Fig. 1 illustrates the function of finite abstraction in the formal design of linear system [8]. Given a linear system S, Tabuada and Pappas provide an infinite transition system as the formal model of S and construct a finite transition system as the finite abstraction of S. The following result is a fundamental result in [8], which lays the foundation of the design method of controllers presented in [8].

Ts and are bisimilar and share the same properties described by linear temporal logic. (*)

Thus, given an LTL specification ipQ, the formal design of can be equivalently performed on the finite abstraction T^. Tabuada and Pappas construct a controller of enforcing and demonstrate that satisfies lpq under this controller as well. Furthermore, based on this controller, a closed-loop system H satisfying ip^ is generated. Similar methods are also adopted in m, m, [sa.

Fig. 1. Controller design [8]: non-disturbance case

Fig. 2. Transforming specification and control strategy

The research work mentioned above focuses on control systems without reference to disturbances. However, all physical systems are subject to some types of extraneous disturbances or noise during operation [18]. In [19], [20] and [21], Pola and Tabuada provide a framework to design controllers for systems affected by disturbances. To this end, they introduce symbolic abstractions for these systems. Moreover, the notions of approximate simulation [21] and alternating approximate bisimulation [19], [20] are introduced to capture the equivalence between symbolic abstractions and original control systems.

However, as we will reveal in Section IV, Pola and Tabuada's finite (symbolic) abstractions and their original control systems do not always share identical properties described by the linear temporal logic LTL_x. Roughly speaking, the result (*) does not always hold for control systems with disturbances. Thus, if we adopt the same specifications for the control systems and their finite abstractions, the formal design of the latter may not be helpful for the former. To overcome this obstacle, this paper introduces and explores a transformation of specification as illustrated in Fig. 2.

In this figure, S is a linear system with disturbance inputs, $T_\tau(S)$ is a sample system of S and $T_{\tau,\eta,\mu}(S)$ is the set of finite abstractions of S introduced in [22]. Given a linear temporal logic LTL_x formula $\varphi_0$ as a specification of S, we transform it to LTLlj^ formula (p'^ (LTL^"*^ formula (^q) as specifications of $T_\tau(S)$ (finite abstraction T, respectively). The parameter $\delta$ describes the distinction between the trajectories of S and their sampling, while the finite abstraction T is alternatingly $\varepsilon$-approximately bisimilar to the sampling system $T_\tau(S)$. It will be shown that, under some assumptions, for any initial state $q_0$ and control strategy $f$ of finite abstraction T enforcing lPq, there exists a controller of S derived from $q_0$ and $f$ such that the trajectories of S with this controller satisfy the specification $\varphi_0$.

The rest of this paper is organized as follows. In Section II we recall related definitions and results in the literature. Section III recalls the linear temporal logic LTL_x, which is adopted to describe the specifications of linear systems with disturbance inputs. In Section IV we introduce the transformation of LTL_x formulas. Based on this transformation, Section V establishes a relationship between the controller of linear control systems with disturbance inputs and the control strategy of Pola and Tabuada's abstractions. Finally, we conclude the paper with future work in Section VI.

II. Preliminaries 

A. Notation 

The symbols $\mathbb{Z}$, $\mathbb{N}$, $\mathbb{R}$, $\mathbb{R}^+$ and $\mathbb{R}_0^+$ denote the sets of integers, positive integers, reals, positive reals and nonnegative reals, respectively. Given a function $f : A \to B$ and $A' \subseteq A$, $f(A') = \{b \in B : b = f(a) \text{ for some } a \in A'\}$ and the notation $f|_{A'}$ means the restriction of the function $f$ to the set $A'$. For any set $A$, $A^+$ denotes the set of all non-empty finite strings over $A$, and $A^\omega$ represents the set of infinite strings over $A$. We use $s_A$ and $\sigma_A$ to denote the elements of $A^+$ and $A^\omega$, respectively. If $A$ is known from the context, we will omit the subscripts in $s_A$ and $\sigma_A$. For any $s \in A^+$, we use $s[i]$ and $s[end]$ to denote the $i$-th element and the last element of $s$, respectively. Given $i < j$, $s[i,j]$, $s[i,end]$ and $\sigma[i,\infty]$ represent $s[i]s[i+1]\cdots s[j]$, $s[i]s[i+1]\cdots s[end]$ and $\sigma[i]\sigma[i+1]\cdots$, respectively. As usual, $|s|$ means the length of $s$. For any $\sigma \in A^\omega$, $|\sigma|$ is set to be $\infty$.

Given a vector $x \in \mathbb{R}^n$, we denote by $x_i$ the $i$-th element of $x$ and $\|x\| = \max\{|x_1|, |x_2|, \ldots, |x_n|\}$, where $|x_i|$ is the absolute value of $x_i$. For any matrix $M \in \mathbb{R}^{m \times n}$, the symbol $\|M\|$ represents the infinity norm of $M$, i.e., $\|M\| = \max_{1 \le i \le m} \sum_{j=1}^{n} |m_{ij}|$. The set $X \subseteq \mathbb{R}^n$ is said to be bounded if and only if $\sup\{\|x\| : x \in X\} < \infty$. For any measurable function $f : \mathbb{R}_0^+ \to \mathbb{R}^n$, $\|f\|_\infty = \sup\{\|f(t)\|, t \ge 0\}$ and $f$ is said to be essentially bounded if $\|f\|_\infty < \infty$. For a given time $\tau \in \mathbb{R}^+$, define $f_\tau$ so that $f_\tau(t) = f(t)$ for any $t \in [0,\tau)$, and $f_\tau(t) = 0$ elsewhere; $f$ is said to be locally essentially bounded if for any $\tau \in \mathbb{R}^+$, $f_\tau$ is essentially bounded. The symbol $conv(v_1, v_2, \ldots, v_m)$ denotes the convex hull of vectors $v_1, v_2, \ldots, v_m \in \mathbb{R}^n$. A bounded set of the form $conv(v_1, v_2, \ldots, v_m)$ is called a polytope. For any $A \subseteq \mathbb{R}^n$ and $\mu \in \mathbb{R}$, we define $[A]_\mu = \{x \in A \mid x_i = k_i\mu, k_i \in \mathbb{Z}, i = 1, \ldots, n\}$. The closed ball centered at $x \in \mathbb{R}^n$ with radius $\varepsilon$ is defined by $B_\varepsilon(x) = \{y \in \mathbb{R}^n : \|x - y\| \le \varepsilon\}$. In this paper, we consider the metric $d$ on $\mathbb{R}^n$ defined as $d(x,y) = \|x - y\|$. The Hausdorff pseudo-metric induced by $d$ on $2^{\mathbb{R}^n}$ is defined as follows: for any $X_1, X_2 \subseteq \mathbb{R}^n$, $d_h(X_1, X_2) = \max\{\sup_{x_1 \in X_1} \inf_{x_2 \in X_2} d(x_1, x_2), \sup_{x_2 \in X_2} \inf_{x_1 \in X_1} d(x_1, x_2)\}$.

B. Linear systems with disturbance inputs 

This subsection will recall the notion of linear system with disturbance inputs. We refer the reader to [21], [22] for more details. This paper considers the following continuous-time linear control system:

$S : \dot{x} = Ax + Bu + Gv, \quad x \in X,\ u \in U,\ v \in V \qquad (1)$

where $A \in \mathbb{R}^{n \times n}$, $B \in \mathbb{R}^{n \times m}$, $G \in \mathbb{R}^{n \times l}$, $X \subseteq \mathbb{R}^n$ is the state space, $U \subseteq \mathbb{R}^m$ is the control input space, and $V \subseteq \mathbb{R}^l$ is the disturbance input space. We suppose that $\mathcal{U}$ and $\mathcal{V}$ are the sets of all measurable and locally essentially bounded functions from intervals $D \subseteq \mathbb{R}_0^+$ to $U$ and $V$, respectively, where $D$ is in one of the following forms: $[t_1, t_2]$ and $[t, \theta)$ (here, $\theta$ may be equal to $\infty$). For any interval $D \subseteq \mathbb{R}_0^+$ of the form $[t_1, t_2]$ or $[t, \theta)$, an absolutely continuous curve $x : D \to X$ is said to be a trajectory of S if there exist $u \in \mathcal{U}$ and $v \in \mathcal{V}$ such that $\dot{x}(t_1) = Ax(t_1) + Bu(t_1) + Gv(t_1)$ for almost all $t_1 \in D$. The state reached at time $t \in \mathbb{R}_0^+$ with initial condition $x_0 \in X$, control input $u \in \mathcal{U}$ and disturbance input $v \in \mathcal{V}$ will be denoted by $x(t, x_0, u, v)$. Since S is a linear system, we have $x(t, x_0, u, v) = x(t, x_0, 0, 0) + x(t, 0, u, 0) + x(t, 0, 0, v) = e^{At}x_0 + x(t, 0, u, 0) + x(t, 0, 0, v)$.

Convention. As in [21], [22], we assume that the product $U \times V$ of control input space $U$ and disturbance input space $V$ is compact, and $X \subseteq \mathbb{R}^n$ is a bounded polytopic set with non-empty interior and $0 \in X$. Moreover, we assume that the linear control system S is forward complete and asymptotically stable.

C. Finite abstraction of S 

This subsection will recall the construction of finite abstraction of linear system S with disturbance inputs, which is introduced by Pola and Tabuada in [22]. Since inputs consist of control and disturbance inputs, where the former are controllable and the latter are not, usual transition systems cannot capture the different roles played by these two kinds of inputs. To overcome this defect, Pola and Tabuada adopt alternating transition systems as models of these control systems and their abstract systems [19], [20], [21].

Definition 1: An alternating transition system is a tuple $T = (Q, A, B, \to, O, H)$ consisting of a set of states $Q$, a set of control labels $A$, a set of disturbance labels $B$, a transition relation $\to \subseteq Q \times A \times B \times Q$, an observation set $O$ and an observation function $H : Q \to O$. We say that an alternating transition system $T$ is metric if the observation set $O$ is equipped with a metric, $T$ is non-blocking if $\{q' : q \xrightarrow{a,b} q'\} \neq \emptyset$ for any $q \in Q$, $a \in A$ and $b \in B$, and $T$ is finite if $Q$, $A$ and $B$ are finite. An infinite sequence $\sigma \in Q^\omega$ is said to be a trajectory of $T$ if and only if for all $i \in \mathbb{N}$, $\sigma[i] \xrightarrow{a_i,b_i} \sigma[i+1]$ for some $a_i \in A$ and $b_i \in B$.

In the above definition, a transition label is a pair $\langle a, b \rangle$, where the former is used to denote control input and the latter represents disturbance input. To obtain a finite abstraction, Pola and Tabuada introduce a notion of sampling system of linear system. In the area of digital control, sampling system has been widely applied as a fundamental notion [.ISJ .

Definition 2: [19] Given a linear control system S below

$S : \dot{x} = Ax + Bu + Gv, \quad x \in X,\ u \in U,\ v \in V$

and $\tau \in \mathbb{R}^+$, define the transition system $T_\tau(S) = (Q_\tau, A_\tau, B_\tau, \to_\tau, O_\tau, H_\tau)$, where:

• $Q_\tau = X$;

• $A_\tau = \{u \in \mathcal{U} : \text{the domain of } u \text{ is } [0, \tau]\}$;

• $B_\tau = \{v \in \mathcal{V} : \text{the domain of } v \text{ is } [0, \tau]\}$;

• $q \xrightarrow{u,v}_\tau q'$ if $x(\tau, q, u, v) = q'$;

• $O_\tau = X$;

• $H_\tau = 1_X$ is the identity map on the set $X$.

Footnote: A linear control system is said to be forward complete if and only if for any initial state $x \in X$, control input $u : \mathbb{R}_0^+ \to U$ and disturbance input $v : \mathbb{R}_0^+ \to V$, there exists a trajectory $\mathbf{x} : \mathbb{R}_0^+ \to X$ such that $\mathbf{x}(0) = x$ and $\dot{\mathbf{x}}(t) = A\mathbf{x}(t) + Bu(t) + Gv(t)$ for almost all $t \in \mathbb{R}^+$ [23]. The definition of asymptotical stability may be found in [HI, [19], El-.

Let $x : \mathbb{R}_0^+ \to X$ be a trajectory of S. Given $\tau \in \mathbb{R}^+$, we set $\sigma_x^\tau = x(0)x(\tau)x(2\tau)\cdots$. The sequence $\sigma_x^\tau$ can be viewed as a sampling of $x$. It is easy to check that $\sigma_x^\tau$ is a trajectory of $T_\tau(S)$. For simplicity, if $\tau$ is known from the context, we often omit the superscript in $\sigma_x^\tau$. In order to extract a finite abstraction from $T_\tau(S)$, the following notations are needed:

$\mathcal{R}_{A_\tau} = \{q \in \mathbb{R}^n : 0 \xrightarrow{u,0}_\tau q \text{ for some } u \in A_\tau\}$, and

$\mathcal{R}_{B_\tau} = \{q \in \mathbb{R}^n : 0 \xrightarrow{0,v}_\tau q \text{ for some } v \in B_\tau\}$.

It is easy to see that $\mathcal{R}_{A_\tau}$ is the set of all reachable states from the initial state $0$ with some control input $u$ and identically null disturbance input $0$. Similarly, $\mathcal{R}_{B_\tau}$ is the set of states reached at time $\tau$ from the initial state $0$ with control input $0$ and some disturbance input $v$. The computation of these sets can be found in [22]. The notion of an abstract model for S is recalled below.

Definition 3: [22] Given a linear control system S below

$S : \dot{x} = Ax + Bu + Gv, \quad x \in X,\ u \in U,\ v \in V$

and $\tau, \eta, \mu \in \mathbb{R}^+$, an alternating transition system $T = ([X]_\eta, A, B, \to, \mathbb{R}^n, H)$ is said to be an abstraction of S w.r.t. $\tau$, $\eta$ and $\mu$ if and only if it satisfies:

(1) $A \subseteq [\mathbb{R}^n]_\mu$ and $d_h(A, \mathcal{R}_{A_\tau}) < \mu/2$;

(2) $B \subseteq [\mathbb{R}^n]_\mu$ and $d_h(B, \mathcal{R}_{B_\tau}) <$

(3) $q \xrightarrow{a,b} q'$ if and only if $\|x(\tau, q, 0, 0) + a + b - q'\| < \eta/2$;

(4) $H : [X]_\eta \hookrightarrow \mathbb{R}^n$ is a natural inclusion map.

We set $T_{\tau,\eta,\mu}(S) = \{T : T \text{ is a finite abstraction of } S \text{ w.r.t. } \tau, \eta \text{ and } \mu\}$.

Since we have supposed that the linear system S is forward complete, the sample system and any abstraction of S are non-blocking [22]. Moreover, for any $\tau, \eta, \mu \in \mathbb{R}^+$, the boundedness of the state space $X$ of S implies that any abstraction of S w.r.t. $\tau$, $\eta$ and $\mu$ is finite [22]. In order to capture the equivalence between the finite abstraction and the sampling system of the original linear system, Pola and Tabuada introduce the notion of alternating approximate bisimulation.

Definition 4: [19], Let $T_i = (Q_i, A_i, B_i, \to_i, O, H_i)$ ($i = 1, 2$) be two metric, non-blocking alternating transition systems with the same observation set and the same metric $d$ over $O$. Given a precision $\varepsilon \in \mathbb{R}_0^+$, a relation $R \subseteq Q_1 \times Q_2$ is said to be an alternating $\varepsilon$-approximate (AεA) bisimulation relation between $T_1$ and $T_2$ if for any $(q_1, q_2) \in R$:

(i) $d(H_1(q_1), H_2(q_2)) < \varepsilon$;

(ii) $\forall a_1 \in A_1\, \exists a_2 \in A_2\, \forall b_2 \in B_2\, \forall q_2' \in Q_2\, (q_2 \xrightarrow{a_2,b_2}_2 q_2' \Rightarrow \exists b_1 \in B_1\, \exists q_1' \in Q_1\, (q_1 \xrightarrow{a_1,b_1}_1 q_1' \text{ and } (q_1', q_2') \in R))$;

(iii) $\forall a_2 \in A_2\, \exists a_1 \in A_1\, \forall b_1 \in B_1\, \forall q_1' \in Q_1\, (q_1 \xrightarrow{a_1,b_1}_1 q_1' \Rightarrow \exists b_2 \in B_2\, \exists q_2' \in Q_2\, (q_2 \xrightarrow{a_2,b_2}_2 q_2' \text{ and } (q_1', q_2') \in R))$.

For any $q_1 \in Q_1$ and $q_2 \in Q_2$, they are said to be AεA bisimilar, in symbols $q_1 \sim_\varepsilon q_2$, if there exists an AεA bisimulation relation $R$ between $T_1$ and $T_2$ such that $(q_1, q_2) \in R$. Moreover, $T_1$ and $T_2$ are said to be AεA bisimilar, in symbols Ti T2, if there exists an AεA bisimulation relation $R$ between $T_1$ and $T_2$ such that $Q_1 = \{q_1 \in Q_1 : (q_1, q_2) \in R \text{ for some } q_2 \in Q_2\}$ and $Q_2 = \{q_2 \in Q_2 : (q_1, q_2) \in R \text{ for some } q_1 \in Q_1\}$.

Immediately, we have the following result as usual. We leave its proof to the interested reader. Similar proofs may be found in [24], [25].

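Proposition 1: $q_1 \sim_\varepsilon q_2$ if and only if they satisfy the following conditions:

(i) $d(H_1(q_1), H_2(q_2)) < \varepsilon$;

(ii) $\forall a_1 \in A_1\, \exists a_2 \in A_2\, \forall b_2 \in B_2\, \forall q_2' \in Q_2\, (q_2 \xrightarrow{a_2,b_2}_2 q_2' \Rightarrow \exists b_1 \in B_1\, \exists q_1' \in Q_1\, (q_1 \xrightarrow{a_1,b_1}_1 q_1' \text{ and } q_1' \sim_\varepsilon q_2'))$;

(iii) $\forall a_2 \in A_2\, \exists a_1 \in A_1\, \forall b_1 \in B_1\, \forall q_1' \in Q_1\, (q_1 \xrightarrow{a_1,b_1}_1 q_1' \Rightarrow \exists b_2 \in B_2\, \exists q_2' \in Q_2\, (q_2 \xrightarrow{a_2,b_2}_2 q_2' \text{ and } q_1' \sim_\varepsilon q_2'))$.

Under some circumstances, the sampling system $T_\tau(S)$ and finite abstraction of a control system S are shown to be alternatingly approximately bisimilar.

Theorem 1: [22] Given an asymptotically stable linear control system S below

$S : \dot{x} = Ax + Bu + Gv, \quad x \in X,\ u \in U,\ v \in V$

and $\varepsilon \in \mathbb{R}^+$. For any $\tau, \eta, \mu \in \mathbb{R}^+$ satisfying $\|e^{A\tau}\|\varepsilon + \mu + \eta/2 < \varepsilon$ and for any finite abstraction $T \in T_{\tau,\eta,\mu}(S)$, $T$ is AεA bisimilar to $T_\tau(S)$ and for any state $q_1$ of $T$ and state $q_2$ of $T_\tau(S)$, if $d(q_1, q_2) < \varepsilon$ then $q_1 \sim_\varepsilon q_2$.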

III. Linear temporal logic LTL_x

The notion of alternating transition system provides a formal model for control systems with disturbance inputs. Apart from the formal model, formal specification is another basic element in the formal analysis and design of control systems. The former captures the dynamics of the control system, while the latter describes the desired property that the control system should satisfy. As mentioned in the Introduction, temporal logic is widely adopted to describe task specification [3], [4], [5], [6], [7], (H. In this paper, the specification of S will be expressed by a linear temporal logic known as LTL_x [26]. The LTL_x formulae have been used to specify the desired properties of control systems in [7]. We recall this logic below.

A. LTL_x and satisfaction relation in discrete case

Given a finite set $P$ of atomic propositions, the temporal logic LTL_x($P$) is defined as follows.

Definition 5: [7], [26] Let $P$ be a finite set of atomic propositions. The linear temporal logic LTL_x($P$) formula is inductively defined as:

$\varphi ::= p \mid \neg p \mid \varphi_1 \wedge \varphi_2 \mid \varphi_1 \vee \varphi_2 \mid \varphi_1 \mathrm{U} \varphi_2 \mid \varphi_1 \bar{\mathrm{U}} \varphi_2$

where $p \in P$.

The operator $\mathrm{U}$ is read as "until" and the formula $\varphi_1 \mathrm{U} \varphi_2$ specifies that $\varphi_1$ must hold until $\varphi_2$ holds. The operator $\bar{\mathrm{U}}$ is the dual of $\mathrm{U}$ and is best read as "releases". The semantics of LTL_x($P$) formulae are defined below.

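Definition 6: Let $\sigma_P$ be any infinite word over $2^P$ (i.e., $\sigma_P \in (2^P)^\omega$). The satisfaction of LTL_x($P$) formula $\varphi$ at position $i \in \mathbb{N}$ of word $\sigma_P$, denoted by $\sigma_P[i] \models \varphi$, is defined inductively as follows:

(1) $\sigma_P[i] \models p$ iff $p \in \sigma_P[i]$;

(2) $\sigma_P[i] \models \neg p$ iff $p \notin \sigma_P[i]$;

(3) $\sigma_P[i] \models \varphi_1 \wedge \varphi_2$ iff $\sigma_P[i] \models \varphi_1$ and $\sigma_P[i] \models \varphi_2$;

(4) $\sigma_P[i] \models \varphi_1 \vee \varphi_2$ iff $\sigma_P[i] \models \varphi_1$ or $\sigma_P[i] \models \varphi_2$;

(5) $\sigma_P[i] \models \varphi_1 \mathrm{U} \varphi_2$ iff there exists $j \ge i$ such that $\sigma_P[j] \models \varphi_2$ and for all $k \in \mathbb{N}$ with $i \le k < j$, we have $\sigma_P[k] \models \varphi_1$;

(6) $\sigma_P[i] \models \varphi_1 \bar{\mathrm{U}} \varphi_2$ iff for all $j \ge i$ with $\sigma_P[j] \not\models \varphi_2$, there exists $k \in \mathbb{N}$ such that $i \le k < j$ and $\sigma_P[k] \models \varphi_1$.

An infinite word $\sigma_P$ is said to satisfy an LTL_x($P$) formula $\varphi$, written as $\sigma_P \models \varphi$, if and only if $\sigma_P[1] \models \varphi$.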

Definition 7: Let $P$ be a finite set of atomic propositions and let $\Pi : \mathbb{R}^n \to 2^P$ be a valuation function. Then for any LTL_x($P$) formula $\varphi$, an infinite sequence $\sigma \in (\mathbb{R}^n)^\omega$ is said to satisfy $\varphi$ w.r.t. $\Pi$, written as $\sigma \models_\Pi \varphi$, if and only if $\Pi(\sigma) \models \varphi$, where $\Pi(\sigma) = \Pi(\sigma[1])\,\Pi(\sigma[2])\cdots$.
In this paper, similar to [7], we fix a finite set $P_h$ of atomic propositions, where each proposition $p \in P_h$ denotes an open half-space of $\mathbb{R}^n$, i.e., $p = \{x \in \mathbb{R}^n : c_p^T x + d_p < 0\}$ with $c_p \in \mathbb{R}^n$ and $d_p \in \mathbb{R}$. So the valuation function $\Pi_h$ considered in this paper is defined as: for any $q \in \mathbb{R}^n$, $\Pi_h(q) = \{p \in P_h : q \in p\}$. Henceforth, since $P_h$ and $\Pi_h$ are fixed, we will abbreviate LTL_x($P_h$) to LTL_x and omit the subscript in $\models_{\Pi_h}$.
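Added example (not from the paper): the discrete semantics of Definition 6 together with the open half-space valuation of Definition 7, evaluated over an ultimately periodic sequence of sampled states, which is a finite representation the paper's definitions do not require. The function names, the tuple encoding of formulas, the operator name `R` for the dual of until, and the sample points are assumptions made for illustration; positions are 0-based here, so the paper's position 1 is index 0.

```python
"""LTL without next (LTL_x) over a lasso word: prefix followed by a loop repeated forever."""


def valuation(q, halfspaces):
    """Pi_h(q): names of the open half-spaces {x : c.x + d < 0} that contain q."""
    return frozenset(
        name for name, (c, d) in halfspaces.items()
        if sum(ci * qi for ci, qi in zip(c, q)) + d < 0
    )


def sat_set(phi, word, loop_start):
    """Return the positions of the lasso word at which phi holds.

    word[:loop_start] is the finite prefix, word[loop_start:] repeats forever,
    so the successor of the last position is loop_start.
    Formulas: ("ap", p), ("not", p), ("and", f, g), ("or", f, g),
    ("U", f, g) for until and ("R", f, g) for its dual (releases).
    """
    n = len(word)
    op = phi[0]
    if op == "ap":
        return {i for i in range(n) if phi[1] in word[i]}
    if op == "not":  # the grammar only negates atomic propositions
        return {i for i in range(n) if phi[1] not in word[i]}
    if op not in ("and", "or", "U", "R"):
        raise ValueError(f"unknown operator: {op!r}")
    f = sat_set(phi[1], word, loop_start)
    g = sat_set(phi[2], word, loop_start)
    if op == "and":
        return f & g
    if op == "or":
        return f | g

    def succ(i):
        return i + 1 if i + 1 < n else loop_start

    if op == "U":
        # Least fixpoint of S = g or (f and next S): item (5) of Definition 6.
        current = set()

        def step(s):
            return {i for i in range(n) if i in g or (i in f and succ(i) in s)}
    else:
        # Greatest fixpoint of S = g and (f or next S): item (6) of Definition 6.
        current = set(range(n))

        def step(s):
            return {i for i in range(n) if i in g and (i in f or succ(i) in s)}

    while True:
        updated = step(current)
        if updated == current:
            return current
        current = updated


def satisfies(phi, prefix, loop, halfspaces):
    """True iff the state sequence prefix . loop^omega satisfies phi at its first position."""
    if not loop:
        raise ValueError("the loop part must be non-empty")
    word = [valuation(q, halfspaces) for q in list(prefix) + list(loop)]
    return 0 in sat_set(phi, word, len(prefix))


# Constructed sample data: two open half-spaces of R^2 and sampled states.
HALFSPACES = {
    "left": ((1.0, 0.0), -1.0),   # x1 - 1 < 0
    "goal": ((-1.0, 0.0), 3.0),   # -x1 + 3 < 0, i.e. x1 > 3
}
PREFIX = [(0.0, 0.0), (0.5, 0.2), (2.0, 0.1)]
LOOP = [(4.0, 0.0), (5.0, 0.5)]

TRUE = ("or", ("ap", "left"), ("not", "left"))
EVENTUALLY_GOAL = ("U", TRUE, ("ap", "goal"))
LEFT_UNTIL_GOAL = ("U", ("ap", "left"), ("ap", "goal"))
LEFT_RELEASES_NOT_GOAL = ("R", ("ap", "left"), ("not", "goal"))

if __name__ == "__main__":
    for name, phi in [("eventually goal", EVENTUALLY_GOAL),
                      ("left U goal", LEFT_UNTIL_GOAL),
                      ("left R not goal", LEFT_RELEASES_NOT_GOAL)]:
        print(name, satisfies(phi, PREFIX, LOOP, HALFSPACES))
```

The third sampled state lies in neither half-space, which is why `left U goal` fails even though the goal region is eventually reached.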

B. Satisfaction relation in continuous case 

This subsection will explore the satisfaction relation between continuous trajectories of linear system S and LTL_x formulas. Kloetzer and Belta have defined such a satisfaction relation based on the notion of word corresponding to continuous trajectory [7]. We will recall their definition. Moreover, we will provide an alternative definition of satisfaction relation without reference to word. It will be shown that the latter coincides with Kloetzer and Belta's. To simplify related proofs, the latter will be adopted in the remainder of this paper.

1) Satisfaction relation based on word: In [7], to define the satisfaction relation between continuous trajectories and LTL_x formulas, the notion of word corresponding to continuous trajectory is introduced.

Definition 8: [7] Let S be a linear control system with state space $X$ and $x : \mathbb{R}_0^+ \to X$ a trajectory of S. An infinite sequence $\sigma \in (2^{P_h})^\omega$ is said to be the word corresponding to the trajectory $x$ if and only if there exist $t_i \in \mathbb{R}_0^+$ ($i \in \mathbb{N}$) with $0 = t_1 < t_2 < t_3 < \cdots$ such that for each $i \in \mathbb{N}$,

($1_i$) $\sigma[i] = \Pi_h(x(t_i))$;

($2_i$) if $\sigma[i] \neq \sigma[i+1]$ then there exists $t \in [t_i, t_{i+1}]$ such that one of the following holds:

($2_i$-a) $\sigma[i] = \Pi_h(x(t'))$ and $\sigma[i+1] = \Pi_h(x(t''))$ for all $t' \in [t_i, t)$ and $t'' \in [t, t_{i+1}]$;
($2_i$-b) $\sigma[i] = \Pi_h(x(t'))$ and $\sigma[i+1] = \Pi_h(x(t''))$ for all $t' \in [t_i, t]$ and $t'' \in (t, t_{i+1}]$;

($3_i$) if $\sigma[i] = \sigma[i+1]$ then $\sigma[i] = \Pi_h(x(t))$ for all $t \in [t_i, \infty)$.

Definition 9: [7] Let S be a linear control system with state space $X$, $x : \mathbb{R}_0^+ \to X$ a trajectory of S, and let $\varphi$ be an LTL_x formula. The trajectory $x$ is said to satisfy $\varphi$, written as $x \models_W \varphi$, if and only if its corresponding word satisfies $\varphi$.

Clearly, given a trajectory $x$, whether the above definition is well-defined depends on the existence and uniqueness of the corresponding word of $x$. We will show that, in practical circumstances, this definition works well. To this end, we introduce the following notion.

Definition 10: Let S be a linear control system with state space $X$, $x : \mathbb{R}_0^+ \to X$ a trajectory of S and $t \in \mathbb{R}_0^+$. Then $t$ is said to be a tipping point of $x$ w.r.t. $P_h$ if and only if for any $\varepsilon_0 \in \mathbb{R}^+$, there exists $\varepsilon_1 < \varepsilon_0$ such that $\Pi_h(x(t - \varepsilon_1)) \neq \Pi_h(x(t))$ or $\Pi_h(x(t)) \neq \Pi_h(x(t + \varepsilon_1))$. For any $t_0 \in \mathbb{R}_0^+$, $Tip(t_0, x) = \{t' \in \mathbb{R}_0^+ : t' < t_0 \text{ and } t' \text{ is a tipping point of } x \text{ w.r.t. } P_h\}$.

Intuitively, if $t$ is a tipping point of $x$ w.r.t. $P_h$, it means that the trajectory $x$ cuts across a borderline $\{x \in \mathbb{R}^n : c_p^T x + d_p = 0\}$ for some $p \in P_h$ at time $t$. Clearly, given a trajectory $x$ and $t_1 < t_2$, since $x$ is continuous, if $\Pi_h(x(t_1)) \neq \Pi_h(x(t_2))$ then there exists at least one tipping point $t$ w.r.t. $P_h$ so that $t \in [t_1, t_2]$. We leave its proof to the interested reader. The following result explores the existence and uniqueness of the word corresponding to a continuous trajectory. According to this result, if the trajectory $x$ does not cut across borderlines infinitely many times on any bounded time interval $[0, t]$, then Definition 9 is well-defined for $x$.

Proposition 2: Let S be a linear control system with state space $X$ and let $x : \mathbb{R}_0^+ \to X$ be a trajectory of S. Then the following conclusions hold:

(1) The word corresponding to the trajectory $x$ is unique if it exists.

(2) If $Tip(t, x)$ is finite for any $t \in \mathbb{R}_0^+$, then there exists a word corresponding to $x$.
Proof: (1) Suppose that ai and (72 are words corresponding to x. Then for n = 1,2, by 

Definition [H there exist G ]R° (i G N) with = < < ■ ■ ■ such that for any i E N, 
(Ij), (2j) and (3i) in Definition [8] hold for (j„ and x. To prove ai = a2, it suffices to show that 
a^[j] = [z] = UhiA^)) for any z G N and t G M° with tj < t < tj or tj <t< tj. We argue 
by induction on i. 

If z = 1 then tj = tf = and the conclusion holds trivially. 

Suppose that the conclusion holds for k and i = k + 1. Consider two cases below. 

Case 1. ai[k] = ai[k + 1] or a2[k] = cr2[^ + !]• 

Suppose that ai[k] = cri[A; + 1]. Then, by Definition [8l we have 

J]^(x(t)) = ai[A;]foranyt>4. (2) 

Moreover, by induction hypothesis, we obtain ai[k] = 0-2 [/c] = Hhl^l^)) for any t E 
with tl < t < tl or tl < t < tl- Thus, it follows from © that ai[k] = a2[k] = Uhi^i'^)) 
for any t > tl. Therefore, since cxn[k + 1] = Ylhi^i^k+i)) ^^'^ ^l+i > for n = 1,2, we 



January 1, 2013 DRAFT
JOURNAL OF IEEE TRANSACTIONS ON AUTOMATIC CONTROL

get ai[k] = ai[k + 1] = a2[k + 1] = Ud^it)) for any t G R° with < t < tl^^ or 

Similarly, if (72 [^] = o'2[k + 1], we may show that the conclusion holds for k + 1. 
Case 2. ai[A;] ^ cri[A; + 1] and 0-2 [A;] ^ o-2[A; + 1]. 

If tl_^_-^ = tl^^ then the conclusion holds for A; + 1 trivially. So we just need to consider the 
nontrivial case where tl^^ ^ ^i+i- Without loss of generality, we may assume that t\_^^ < tl_^_^. 
By induction hypothesis, we have cri[k] = a2[k] = Ylhi^i^)) ^ ^ ^+ "^^^^ tl ^ t ^ tl 

or tl < t < tl. Then since o-i[k] ^ ai[k + 1], we obtain t| < tl_^_-^ (otherwise, ai[k] = ai[k + 1] 
follows from tl < tl_^_-^ < tl and induction hypothesis). Furthermore, by a2[k] ^ o-2[k + 1] and 
Definition [8l there exists t E [^^^,^^+1] such that one of the following holds: 

(a) a2[z] = njx(t')) and a2[i + 1] = Uhi^it")) for all t' e [tl,t) and t" e [t,tl^,]; 

(b) cx2[i] = UhW)) and ^2(2 + 1] = Uhi^it")) for all t' e [tl,t] and t" e (t.ti+J. 
Then since cri[A; + 1] 7^ o'2[k] and tl < tl_^_^ < tl^^, we get cri[A; + 1] = a2[k + 1] and t < 

Further, it follows that ai[k + 1] = cr2[A; + 1] = Ylhi^it')) for any t' e t^+i]- 

(2) Suppose that $Tip(t, x)$ is finite for any $t \in \mathbb{R}_0^+$. By Definition 8, it is enough to construct infinite sequences $t_1 t_2 \cdots \in (\mathbb{R}_0^+)^\omega$ and $\sigma \in (2^{P_h})^\omega$ so that $0 = t_1 < t_2 < \cdots$ and for any $i \in \mathbb{N}$, ($1_i$), ($2_i$) and ($3_i$) in Definition 8 hold for $\sigma$ and $x$. We construct them by induction on $i \in \mathbb{N}$. We set $t_1 = 0$ and $\sigma[1] = \Pi_h(x(t_1))$.

Assuming that we already have $t_k$ and $\sigma[k]$, we construct $t_{k+1}$ and $\sigma[k+1]$ below. If $\Pi_h(x(t_a)) = \Pi_h(x(t_a'))$ for all $t_a, t_a' \in (t_k, \infty)$, then we set $t_{k+1}$ to be an arbitrary real number such that $t_{k+1} > t_k$ and put $\sigma[k+1] = \Pi_h(x(t_{k+1}))$. In the following, we consider the case where $\Pi_h(x(t_a)) \neq \Pi_h(x(t_a'))$ for some $t_a, t_a' \in (t_k, \infty)$ with $t_a < t_a'$. Then there exists at least one tipping point $t$ with $t_a \le t \le t_a'$. Since $Tip(t_a', x)$ is finite, there exists $t' \in Tip(t_a', x)$ such that $t' > t_k$ and $t'' \notin Tip(t_a', x)$ for all $t'' \in (t_k, t')$. Thus by Definition 10, one of the following holds:

(i) for any $\varepsilon_0 \in \mathbb{R}^+$, there exists $\varepsilon_1 < \varepsilon_0$ such that $\Pi_h(x(t' - \varepsilon_1)) \neq \Pi_h(x(t'))$;

(ii) for any $\varepsilon_0 \in \mathbb{R}^+$, there exists $\varepsilon_1 < \varepsilon_0$ such that $\Pi_h(x(t')) \neq \Pi_h(x(t' + \varepsilon_1))$.

If (i) holds then we set $t_{k+1} = t'$ and $\sigma[k+1] = \Pi_h(x(t'))$. Otherwise, (ii) holds. Since $Tip(t, x)$ is finite for any $t \in \mathbb{R}^+$, there exists $\varepsilon_0 \in \mathbb{R}^+$ such that $Tip(t' + \varepsilon_0, x) - Tip(t', x) = \emptyset$. We set $t_{k+1} = t' + \varepsilon_0$ and $\sigma[k+1] = \Pi_h(x(t_{k+1}))$.

By Definitions 8 and 10, one may easily check that $\sigma$ defined above is the word corresponding to $x$. ■

Remark 1: In practice, we cannot observe that a trajectory cuts across borderlines infinitely many times on some bounded time interval $[t_1, t_2]$. So in this paper, we assume that for any trajectory $x$ of S and $t \in \mathbb{R}_0^+$, $Tip(t, x)$ is finite. Then by Proposition 2, Definition 9 is well-defined.

2) Satisfaction relation based on trajectory: In this subsection, we will define the satisfaction relation between continuous trajectories and LTL_x formulas without reference to word. This satisfaction relation will be shown to coincide with the one in Definition 9.

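Definition 11: Let S be a linear control system with state space $X$ and let $x : \mathbb{R}_0^+ \to X$ be a trajectory of S. The satisfaction of LTL_x formula $\varphi$ at time $t \in \mathbb{R}_0^+$ of $x$, denoted by $x(t) \models \varphi$, is defined inductively as:

(1) $x(t) \models p$ iff $x(t) \in p$;

(2) $x(t) \models \neg p$ iff $x(t) \notin p$;

(3) $x(t) \models \varphi_1 \wedge \varphi_2$ iff $x(t) \models \varphi_1$ and $x(t) \models \varphi_2$;

(4) $x(t) \models \varphi_1 \vee \varphi_2$ iff $x(t) \models \varphi_1$ or $x(t) \models \varphi_2$;

(5) $x(t) \models \varphi_1 \mathrm{U} \varphi_2$ iff for some $t_1, t_2 \in \mathbb{R}_0^+$ with $t \le t_1 < t_2$, one of the following holds:
(5-a) $x(t_1) \models \varphi_2$ and $x(t') \models \varphi_1$ for all $t' \in [t, t_1)$,
(5-b) $x(t') \models \varphi_1$ and $x(t'') \models \varphi_2$ for all $t' \in [t, t_1]$ and $t'' \in (t_1, t_2]$;

(6) $x(t) \models \varphi_1 \bar{\mathrm{U}} \varphi_2$ iff for any $t_1, t_2 \in \mathbb{R}_0^+$ with $t \le t_1 < t_2$, we have
(6-a) if $x(t_1) \not\models \varphi_2$ then $x(t') \models \varphi_1$ for some $t' \in [t, t_1)$,
(6-b) if $x(t') \not\models \varphi_2$ for all $t' \in (t_1, t_2]$ then $x(t'') \models \varphi_1$ for some $t'' \in [t, t_1]$.

An LTL_x formula $\varphi$ is said to be satisfied by $x$, written as $x \models \varphi$, if and only if $x(0) \models \varphi$.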

In the following, we want to show that for any trajectory $x$ of S, if $Tip(t, x)$ is finite for all $t \in \mathbb{R}_0^+$, then for any LTL_x formula $\varphi$, $x \models \varphi$ if and only if $x \models_W \varphi$. Before demonstrating it, we introduce a notation and provide an auxiliary lemma.

Notation: Let S be a linear control system with state space $X$, $x : \mathbb{R}_0^+ \to X$ a trajectory of S, and $t \in \mathbb{R}_0^+$. The function $x^t : \mathbb{R}_0^+ \to X$ is defined as $x^t(t') = x(t + t')$ for all $t' \in \mathbb{R}_0^+$.

Clearly, $x^0 = x$ and $x^t$ is also a trajectory of S for any $t \in \mathbb{R}_0^+$. Moreover, by Definition 11, it is easy to check that for any $t \in \mathbb{R}_0^+$ and LTL_x formula $\varphi$, $x^t \models \varphi$ if and only if $x(t) \models \varphi$.

Lemma 1: Let S be a linear control system with state space $X$ and let $x : \mathbb{R}_0^+ \to X$ be a trajectory of S. Suppose that for any $t \in \mathbb{R}_0^+$, $Tip(t, x)$ is a finite set and $\sigma$ and $\sigma_t$ are words corresponding to $x$ and $x^t$ (see Definition 8), respectively. Then the following conclusions hold:

(1) For any $j \in \mathbb{N}$ with $\sigma[j] \neq \sigma[j+1]$, there exist $t_0, t_0' \in \mathbb{R}_0^+$ with $t_0 < t_0'$ such that one of the following holds:

(a) $\sigma[j+1, \infty) = \sigma_{t_0}$ and for any $t' < t_0$, $\sigma_{t'} = \sigma[i, \infty)$ for some $i < j$,

(b) $\sigma[j+1, \infty) = \sigma_{t'}$ for all $t' \in (t_0, t_0']$ and for any $t'' < t_0$, $\sigma_{t''} = \sigma[i, \infty)$ for some $i < j$.

(2) For any $t \in \mathbb{R}_0^+$, there exists $j \in \mathbb{N}$ such that $\sigma[j, \infty) = \sigma_t$ and for any $i < j$, $\sigma[i, \infty) = \sigma_{t'}$ for some $t' < t$.

Proof: Since a is the word corresponding to x, by Definition [8l there exist t j E ]R° (i G N) 
with = ti < ^2 < ■ ■ ■ such that for any i E N, (Ij), (2^) and (Sj) in Definition [8] hold for a 
and X. In the following, we prove (1) and (2) in turn. 

(1) Let j E N and a[j] ^ a[j + 1]. Then by Definition [8l there exists t E [tj,tj+i] such that 
one of the following holds: 

(^) ^[J] = Uhi^ii')) and a[j + 1] = UhW')) for all t' E [t„t) and t" E [t,t,+i]; 
(u) = UhW)) and f7[j + 1] = Uhi^n) for all f G [t^,t] and t" G (t,t,+i]. 
Suppose that (i) holds. We will show that a[j + 1, oo) = at and for any t' < t, at' = a[i, oo) 
for some i < j. 

To prove a[j + 1, oo) = at, we set t'^ = and for all A; G N with A; > 1, we set t'^, = tj^^ — t- 
Further, we set a' = Uhi^^i^i)) Uhi^\^2)) Uhi^^^'s)) ' " " • Then it follows from (i) that a' = 
a[j + 1, oo). Moreover, by Definition [8l it is easy to check that a' is a word corresponding to 
X*. Thus by (1) in Proposition [2l we obtain a' = a[j + 1, oo) = at. 

In the following, we demonstrate that for any t' < t, at' = a[i, oo) for some i < j. Let t' < t. 
Clearly, t' E [t„,t„_|_i) for some n < j. If Ylhi^i^')) = Ylhi^i'^")) we set i = n, otherwise 
we set z = n + L Then by (i) and t' < t, we get i < j. Similar to the above, we set t" = 

and t'l = U+k-i - t' for any k En. Then we set a" = n/.(x*'(t'/)) Ilh^^'' {t'i)) I{h{^'\t'i)) " " " • 
Similar to the above, we may illustrate a" = a[i, oo) = af. 

Similarly, if (ii) holds, we may show that a[j + 1, oo) = at' for all t' E {t,tj^i] and for any 
t" < t, at" = a[i, oo) for some i < j. 

(2) Let t E M^. Consider the following two cases. 

Case 1. t G [tt,tt+i) for some i EN. Similar to (1), we may have at = a[j, oo) for j = i or 
j = i + 1. Let k < j. We set t' = tk. Similar to (1), we may get at' = a[k, oo). 
Case l.t^ for any % e N. Then it follows that t > U for all i G N. By Definition [8] 

and[lOl for any i G N, if n/i(^(^«)) 7^ n/i(^(^«+i)) '^hen there exists at least one tipping point t' G 
[tj, tj+i]. Further, since Tip{t, x) is finite, there exists j G N such that Ylhi^i^j)) ~ Y[hi^i^j+^))- 
Thus by Definition [8l we have Ylhi^i^")) ~ '^[j] ~ ^[^] ^" — ^ ^ J - Then it follows 

from t > tj that Ylhi^{t")) = Ylf^{yi(t)) for all t" > t. So by Definition [H it is easy to see that 
at = cr[j, oo). 

Let i < j. Clearly, U < t. Similar to (1), we may show that at^ = cr[i, oo). ■ 

The following result demonstrates that, given a trajectory $\mathbf{x}$, Definition 9 coincides with
Definition 11 under the assumption that $Tip(t,\mathbf{x})$ is a finite set for any $t \in \mathbb{R}_0^+$.

Proposition 3: Let $\Sigma$ be a linear control system with state space $X$ and let $\mathbf{x} : \mathbb{R}_0^+ \to X$ be
a trajectory of $\Sigma$. If $Tip(t,\mathbf{x})$ is a finite set for any $t \in \mathbb{R}_0^+$, then for any LTL_x formula $\varphi$,
$\mathbf{x} \models \varphi$ if and only if the word corresponding to $\mathbf{x}$ satisfies $\varphi$.

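Proof: Suppose that $Tip(t,\mathbf{x})$ is a finite set for any $t \in \mathbb{R}_0^+$ and $\sigma$ is the word corresponding
to $\mathbf{x}$. It is enough to show that for any LTL_x formula $\varphi$ and $t \in \mathbb{R}_0^+$, $\mathbf{x}^t \models \varphi$ if and only if
$\sigma_t \models \varphi$, where $\sigma_t$ is the word corresponding to $\mathbf{x}^t$. We will proceed by induction on the structure
of formula $\varphi$. The proof is a routine case analysis. We will give two sample cases.

Case 1. $\varphi = p$. Let $t \in \mathbb{R}_0^+$. Then we have

$$
\begin{aligned}
\mathbf{x}^t \models \varphi &\iff \mathbf{x}(t) \models p \\
&\iff \mathbf{x}(t) \in p && \text{(by Definition 11)} \\
&\iff p \in \sigma_t[1] && \text{(by Definition 8)} \\
&\iff \sigma_t \models p. && \text{(by Definition 6)}
\end{aligned}
$$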

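Case 2. $\varphi = \varphi_1 \mathrm{U} \varphi_2$. Let $t \in \mathbb{R}_0^+$. We prove that $\mathbf{x}^t \models \varphi$ if and only if $\sigma_t \models \varphi$ as follows.

(From Left to Right) Let $\mathbf{x}^t \models \varphi$. So $\mathbf{x}(t) \models \varphi$. Then by Definition 11, there exist $t_1, t_2 \in \mathbb{R}_0^+$
with $t < t_1 < t_2$ such that one of the following holds:

(a) $\mathbf{x}(t_1) \models \varphi_2$ and $\mathbf{x}(t') \models \varphi_1$ for all $t' \in [t,t_1)$,

(b) $\mathbf{x}(t') \models \varphi_1$ and $\mathbf{x}(t'') \models \varphi_2$ for all $t' \in [t,t_1]$ and $t'' \in (t_1,t_2]$.

Suppose that (a) holds. Then it follows that $\mathbf{x}^{t_1} \models \varphi_2$ and $\mathbf{x}^{t'} \models \varphi_1$ for any $t' \in [t,t_1)$. So by
induction hypothesis, we obtain

$$\sigma_{t_1} \models \varphi_2 \text{ and } \sigma_{t'} \models \varphi_1 \text{ for any } t' \in [t,t_1). \qquad (3)$$

Then by (2) in Lemma 1, there exists $j \in \mathbb{N}$ such that $\sigma_t[j,\infty) = \sigma_{t_1}$ and for any $i < j$,
$\sigma_t[i,\infty) = \sigma_{t'}$ for some $t' \in [t,t_1)$. Further, it follows from (3) and Definition 6 that $\sigma_t[j] \models \varphi_2$
and $\sigma_t[i] \models \varphi_1$ for any $i < j$. Therefore, by Definition 6, we get $\sigma_t[1] \models \varphi$ and then $\sigma_t \models \varphi$.

Suppose that (b) holds. Then we have $\mathbf{x}^{t'} \models \varphi_1$ and $\mathbf{x}^{t''} \models \varphi_2$ for all $t' \in [t,t_1]$ and $t'' \in (t_1,t_2]$.
So it follows from induction hypothesis that

$$\sigma_{t'} \models \varphi_1 \text{ and } \sigma_{t''} \models \varphi_2 \text{ for all } t' \in [t,t_1] \text{ and } t'' \in (t_1,t_2]. \qquad (4)$$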

Moreover, by (2) in Lemma [H there exists j E N such that at[j, 00) = at^ and for any i < j, 
at[i, 00) = at' for some t[ E M° with t < t[ < ^2- If <Jt[i, 00] \= >~p\ for all z < j then 0-^1=^9 
holds trivially. Suppose that at\a, oo\ ^ for some n < j. Clearly, there exists k < n such 
that at[k] ^ ipi and at[i] |= ^pi for all i < k. Then since k < n < j, there exists E [t, such 
that cr[A;, 00) = at'^. Thus it follows from dD and at[k] ^ Lpi that at[k] \= ^2- Therefore, since 
at^ 1= v^i for all i < k, obtain at |= v^. 

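(From Right to Left) Let $\sigma_t \models \varphi_1 \mathrm{U} \varphi_2$. Then by Definition 6, there exists $n \in \mathbb{N}$ such that
$\sigma_t[n] \models \varphi_2$ and $\sigma_t[i] \models \varphi_1$ for any $i < n$. Thus there exists $j \le n$ such that

$$\sigma_t[j,\infty] \models \varphi_2,\ \sigma_t[i,\infty] \not\models \varphi_2 \text{ and } \sigma_t[i,\infty] \models \varphi_1 \text{ for any } i < j. \qquad (5)$$

If $j = 1$ then $\sigma_t \models \varphi_2$. Further, by induction hypothesis, we obtain $\mathbf{x}^t \models \varphi_2$. Then it follows
from Definition 11 that $\mathbf{x}^t \models \varphi_1 \mathrm{U} \varphi_2$. In the following, we consider the case where $j > 1$. Then
by (5) and Definition 6, it is easy to check that $\sigma_t[j] \ne \sigma_t[j-1]$. Thus by (1) in Lemma 1, there
exist $t_0, t_0' \in \mathbb{R}_0^+$ with $t_0 < t_0'$ such that one of the following holds:

(a) $\sigma_t[j,\infty) = \sigma_{t+t_0}$ and for any $t' < t_0$, $\sigma_t[i,\infty) = \sigma_{t+t'}$ for some $i < j$,

(b) $\sigma_t[j,\infty) = \sigma_{t+t'}$ for all $t' \in (t_0, t_0']$ and for any $t'' < t_0$, $\sigma_t[i,\infty) = \sigma_{t+t''}$ for some $i < j$.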
If (a) holds then it follows from induction hypothesis and (|5]) that at-i-t^ |= v^2 and at+t' \= ^1 

for any t' < to- Thus by Definition [TTI we obtain at \= ^p. Similarly, if {h) holds, we may show 
that at\= (p. ■ 
Henceforth, the sentence "trajectory $\mathbf{x}$ satisfies an LTL_x formula $\varphi$" means $\mathbf{x} \models \varphi$ defined
in Definition 11.

IV. Transforming Specification 

The remainder of this paper concerns itself with the relationship between the formal design
of Pola and Tabuada's abstractions and that of linear systems with disturbance inputs.

[Fig. 3. Counterexample for (TP-1); panels 3-a and 3-b.]

A similar problem has been considered for systems without disturbances [7], (HI, [10]. Among these works,
Tabuada and Pappas demonstrate the following two conclusions:

(TP-1). There exists a controller for linear system enforcing specification if and only if there 
exists a controller for finite abstraction enforcing the same specification. 

(TP-2). The controller for finite abstraction can be applied to the original linear system to 
meet specification. 

Based on these two conclusions, in order to obtain a controller of control system enforcing 
the given specification, it is enough to construct a controller for finite abstraction enforcing 
this specification [8]. Unfortunately, when we consider linear system with disturbances, neither 
(TP-1) nor (TP-2) always holds. Two counterexamples are provided below. 

Example 1: Consider the state space $X$ of linear system $\Sigma$, as shown in Fig. 3-a. Given
$\varepsilon \in \mathbb{R}^+$, let $\tau, \eta, \mu \in \mathbb{R}^+$ such that $\|e^{A\tau}\|\varepsilon + \mu + \eta/2 < \varepsilon$. Clearly, such $\tau, \eta, \mu$ exist. Then by
Theorem 1, any finite abstraction $T \in T_{\tau,\eta,\mu}(\Sigma)$ is A$\varepsilon$A bisimilar to $T_\tau(\Sigma)$. Let $T \in T_{\tau,\eta,\mu}(\Sigma)$ and
$T = (Q, A, B, \rightarrow, \mathbb{R}^n, H)$. In Fig. 3-a, black spots denote the states of $T$. Let $P_h = \{p_1, p_2, p_3, p_4\}$
be a finite set of propositions and let $p_i$ ($i = 1,2,3,4$) be an atomic proposition representing an open
half-space as illustrated in Fig. 3-b. In this case, if specification $\varphi_0$ is $\wedge\, \neg p_2 \wedge p_3 \wedge p_4$, then there
exist some initial states of $\Sigma$ such that the trajectories of $\Sigma$ from these states satisfy the specification
(e.g., see $\mathbf{x}$ in Fig. 3-b). Thus we may construct a controller which sets the initial state of $\Sigma$ to be
$\mathbf{x}(0)$. Clearly, the trajectories of $\Sigma$ with this controller satisfy the above specification. On the
other hand, since every state in $Q$ (i.e., black spots in Fig. 3-a) doesn't satisfy $\varphi_0$, any trajectory
of $T$ does not satisfy this specification. So there does not exist a controller for $T$ enforcing this
specification. Therefore, (TP-1) does not always hold for Pola and Tabuada's abstractions and
linear systems with disturbance inputs.

[Fig. 4. Counterexample for (TP-2); panels 4-a and 4-b.]

Example 2: Similar to Example 1, in Fig. 4-a, $X$ denotes the state space of a linear system
$\Sigma$. Given $\varepsilon \in \mathbb{R}^+$, let $\tau, \eta, \mu \in \mathbb{R}^+$ with $\|e^{A\tau}\|\varepsilon + \mu + \eta/2 < \varepsilon$. Clearly, such $\tau, \eta, \mu$ exist.
Thus any finite abstraction $T \in T_{\tau,\eta,\mu}(\Sigma)$ is A$\varepsilon$A bisimilar to $T_\tau(\Sigma)$. Let $T \in T_{\tau,\eta,\mu}(\Sigma)$ and
$T = (Q, A, B, \rightarrow, \mathbb{R}^n, H)$. The states of the finite abstraction are indicated by black spots in Fig. 4-a.
Let $q \in Q$ be a state of $T$. Without loss of generality, we may suppose that $a \in A$ is a control
label of $T$ and $\{q' : q \xrightarrow{a,b} q' \text{ for some disturbance label } b \in B\} = \{q_1, q_2, q_3\}$, as illustrated in
Fig. 4-a. Consider a finite set $P_h = \{p_1, p_2, p_3, p_4\}$, where $p_i$ ($i = 1,2,3,4$) is an atomic proposition
representing an open half-space as shown in Fig. 4-b. Let the specification $\varphi_0 = (\neg p_3 \wedge p_4)\mathrm{U}(p_3 \wedge \neg p_4)$.
We set the initial state to be $q$ and put the control label to be $a$ when the current state of $T$ is
$q$. Under such control, it is easy to check that the trajectories of $T$ satisfy the given specification.
However, due to Fig. 4-b, it is clear that any trajectory of $\Sigma$ does not satisfy this specification
under any control. Thus (TP-2) does not always hold for Pola and Tabuada's abstractions and
linear systems with disturbance inputs.

Due to the above two examples, we know that linear systems and their finite abstractions 
do not always share the identical properties described by LTL_x formulae under control. Thus, 
given an LTL_x specification $\varphi_0$ for linear systems with disturbance inputs, if we directly adopt
$\varphi_0$ as specification for finite abstraction, then the formal design for the latter may not be helpful
for the former. The remainder of this paper will try to find a way to solve this problem and 
establish results similar to (TP-1) and (TP-2) for systems with disturbances. To this end, we will 
transform LTL_x specification for linear system S to specification ip^ for finite abstraction 
and demonstrate that, under some assumptions, given an initial state go and a control strategy 
/ of finite abstraction enforcing (^q, there exists a controller based on go and / so that the 
trajectories of S with this controller satisfy ipo- This section will take two steps to realize such 
transformation.

A. Transforming specifications for $\Sigma$ to specifications for $T_\tau(\Sigma)$

This subsection will deal with transforming the specification Lpo for S to (^q for Tr(S). We 
will show that under some circumstance, if (Xx is a sampling trajectory of x then cTx |= V^o implies 
x\= LfQ. Here the specification (^'q is described by the linear temporal logic defined below. 

Definition 12: Let $\delta \in \mathbb{R}^+$. The formulae $\varphi$ of linear temporal logic $\mathrm{LTL}_x^\delta(P_h)$ are inductively
defined as:

ip ::= A ip2\(pi V v92|v5iUv92|</'iUv^2 

where $p \in P_h$, i.e., $p = \{x \in \mathbb{R}^n : c_p^T x + d_p < 0\}$ for some $c_p \in \mathbb{R}^n$ and $d_p \in \mathbb{R}$.
The semantics of $\mathrm{LTL}_x^\delta$ formulas are defined as follows.

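Definition 13: Let $\sigma \in (\mathbb{R}^n)^\omega$ and $\delta \in \mathbb{R}^+$. The satisfaction of $\mathrm{LTL}_x^\delta$ formula $\varphi$ at position
$i \in \mathbb{N}$ of $\sigma$, denoted by $\sigma[i] \models \varphi$, is defined similarly to Definition 6 except for the cases where
either $\varphi = [\delta]p$ or $\varphi = [\delta]\neg p$:

(1') $\sigma[i] \models [\delta]p$ iff $B_\delta(\sigma[i]) \subseteq p$;

(2') $\sigma[i] \models [\delta]\neg p$ iff $B_\delta(\sigma[i]) \cap p = \emptyset$.

The infinite sequence $\sigma$ satisfies an $\mathrm{LTL}_x^\delta$ formula $\varphi$, written as $\sigma \models \varphi$, if and only if
$\sigma[1] \models \varphi$.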

In order to transform tpo to the desired (p>Q, we introduce the following function. 
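Definition 14: Let $\delta \in \mathbb{R}^+$. The function $tr_\delta : \mathrm{LTL}_x \to \mathrm{LTL}_x^\delta$ is inductively defined as
follows:

(1) $tr_\delta(p) = [\delta]p$;

(2) $tr_\delta(\neg p) = [\delta]\neg p$;

(3) $tr_\delta(\varphi_1 \wedge \varphi_2) = tr_\delta(\varphi_1) \wedge tr_\delta(\varphi_2)$;

(4) $tr_\delta(\varphi_1 \vee \varphi_2) = tr_\delta(\varphi_1) \vee tr_\delta(\varphi_2)$;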

(5) tr5(v9iUv92) = trsi<p>i)lJtrs{ip2); 

(6) tr5(v9iUy92) = tr5(v9i)Utr5(v92). 

The following result reveals that, for any LTL_x formula $\varphi_0$, under some assumption, if the
sample trajectory satisfies $tr_\delta(\varphi_0)$ then the original trajectory of $\Sigma$ satisfies $\varphi_0$.

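Theorem 2: Let $\Sigma$ be a linear control system with state space $X$, $\mathbf{x} : \mathbb{R}_0^+ \to X$ a trajectory
of $\Sigma$, $\sigma_\mathbf{x} = \mathbf{x}(0)\mathbf{x}(\tau)\mathbf{x}(2\tau)\cdots$ and $\delta \in \mathbb{R}^+$. If $\|\mathbf{x}(t) - \mathbf{x}((n-1)\tau)\| < \delta$ for any $n \in \mathbb{N}$ and
$t \in [(n-1)\tau, n\tau)$, then for any LTL_x formula $\varphi_0$, $\sigma_\mathbf{x} \models tr_\delta(\varphi_0)$ implies $\mathbf{x} \models \varphi_0$.

Proof: Suppose that $\|\mathbf{x}(t) - \mathbf{x}((n-1)\tau)\| < \delta$ for any $n \in \mathbb{N}$ and $t \in [(n-1)\tau, n\tau)$. To
complete the proof, it is enough to show that for any LTL_x formula $\varphi_0$ and for any $i \in \mathbb{N}$ and
$t \in \mathbb{R}_0^+$ with $(i-1)\tau \le t < i\tau$, if $\sigma_\mathbf{x}[i] \models tr_\delta(\varphi_0)$ then $\mathbf{x}^t \models \varphi_0$, where $\mathbf{x}^t(t') = \mathbf{x}(t + t')$ for
any $t' \in \mathbb{R}_0^+$. We proceed by induction on $\varphi_0$. The proof is a routine case analysis. We give two
sample cases.

Case 1. $\varphi_0 = p$. Let $i \in \mathbb{N}$, $(i-1)\tau \le t < i\tau$ and $\sigma_\mathbf{x}[i] \models tr_\delta(\varphi_0)$. Then by Definition 14,
we obtain $\sigma_\mathbf{x}[i] \models [\delta]p$. It follows from Definition 13 that $B_\delta(\sigma_\mathbf{x}[i]) \subseteq p$. Then since $\|\mathbf{x}(t') -
\mathbf{x}((n-1)\tau)\| < \delta$ for any $n \in \mathbb{N}$ and $t' \in [(n-1)\tau, n\tau)$, we have $d(\sigma_\mathbf{x}[i], \mathbf{x}(t)) < \delta$. This,
together with $B_\delta(\sigma_\mathbf{x}[i]) \subseteq p$, implies that $\mathbf{x}(t) \in p$. Thus by Definition 11, we get $\mathbf{x}(t) \models \varphi_0$
and then $\mathbf{x}^t \models \varphi_0$.

Case 2. $\varphi_0 = \varphi_1 \mathrm{U} \varphi_2$. Let $i \in \mathbb{N}$, $(i-1)\tau \le t < i\tau$ and $\sigma_\mathbf{x}[i] \models tr_\delta(\varphi_0)$. Then it follows
from Definition 14 that $\sigma_\mathbf{x}[i] \models tr_\delta(\varphi_1)\mathrm{U}\,tr_\delta(\varphi_2)$. Thus by Definition 13, there exists $j \ge i$ such
that $\sigma_\mathbf{x}[j] \models tr_\delta(\varphi_2)$ and for all $k \in \mathbb{N}$ with $i \le k < j$, we have $\sigma_\mathbf{x}[k] \models tr_\delta(\varphi_1)$. So by induction
hypothesis, we obtain $\mathbf{x}^{(j-1)\tau} \models \varphi_2$ and $\mathbf{x}^{t_1} \models \varphi_1$ for any $k \in \mathbb{N}$ and $t_1 \in \mathbb{R}_0^+$ with $i \le k < j$
and $(k-1)\tau \le t_1 < k\tau$. Then it follows that $\mathbf{x}((j-1)\tau) \models \varphi_2$ and $\mathbf{x}(t_1) \models \varphi_1$ for any $k \in \mathbb{N}$
and $t_1 \in \mathbb{R}_0^+$ with $i \le k < j$ and $(k-1)\tau \le t_1 < k\tau$. Therefore, by Definition 11, we get
$\mathbf{x}(t) \models \varphi_1 \mathrm{U} \varphi_2$ and then $\mathbf{x}^t \models \varphi_1 \mathrm{U} \varphi_2$. ■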

B. Transforming specifications for $T_\tau(\Sigma)$ to ones for $T_{\tau,\eta,\mu}(\Sigma)$

This subsection will concern itself with the transformation from trsi^po) for Tt-(S) to spec- 
ification (/9o for finite abstractions of S. Similar to the function tr^, we introduce a transform 
function below. 

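Definition 15: Let $\varepsilon, \delta \in \mathbb{R}^+$. The function $tr_\varepsilon^\delta : \mathrm{LTL}_x^\delta \to \mathrm{LTL}_x^{\delta+\varepsilon}$ is defined as follows: for each
$\mathrm{LTL}_x^\delta$ formula $\psi$, $tr_\varepsilon^\delta(\psi)$ is obtained from $\psi$ by replacing $[\delta]$ by $[\delta + \varepsilon]$.

In the rest of this subsection, we want to show that under some assumptions, for any $\varepsilon, \delta, \tau, \eta, \mu \in
\mathbb{R}^+$, finite abstraction $T \in T_{\tau,\eta,\mu}(\Sigma)$ and $\mathrm{LTL}_x^\delta$ formula $\psi$, if specification $tr_\varepsilon^\delta(\psi)$ is satisfied by
$T$ under control, then $\psi$ is satisfied by $T_\tau(\Sigma)$ under control. To this end, some notions related
to control strategy are introduced below.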

Definition 16: A control strategy for an alternating transition system $T = (Q, A, B, \rightarrow, O, H)$
is a function $f : Q^+ \to 2^A - \{\emptyset\}$. For any $q \in Q$, the outcomes $Out_T^n(q,f)$ ($n \in \mathbb{N}$)
and $Out_T(q,f)$ of $f$ from $q$ are defined as follows:

$$Out_T^n(q,f) = \{s \in Q^n : s[1] = q \text{ and } \forall 1 \le i < n\ \exists a_i \in f(s[1,i])\ \exists b_i \in B\ (s[i] \xrightarrow{a_i,b_i} s[i+1])\},$$

$$Out_T(q,f) = \{\sigma \in Q^\omega : \sigma[1] = q \text{ and } \forall i \in \mathbb{N}\ \exists a_i \in f(\sigma[1,i])\ \exists b_i \in B\ (\sigma[i] \xrightarrow{a_i,b_i} \sigma[i+1])\}.$$

Furthermore, we define $Out_T^+(q,f)$ as: $Out_T^+(q,f) = \bigcup_{n \in \mathbb{N}} Out_T^n(q,f)$.

If the alternating transition system $T$ is known from the context, we often omit subscripts in
$Out_T^n(q,f)$, $Out_T(q,f)$ and $Out_T^+(q,f)$.

Lemma 2: Let $k \in \mathbb{N}$. Then $Out^{k+1}(q,f) = \{s \in Q^{k+1} : s[1,k] \in Out^k(q,f) \text{ and } \exists a_k \in
f(s[1,k])\ \exists b_k \in B\ (s[k] \xrightarrow{a_k,b_k} s[k+1])\}$.

Proof: Straightforward. ■
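The following Python sketch is an added illustration, not code from the paper. It computes $Out^n(q,f)$ on a small alternating transition system twice, once literally from Definition 16 and once by the one-step extension of Lemma 2, and checks that both agree. The three-state system, the labels and the history-dependent strategy are constructed for this example, and all function names are hypothetical.

```python
from itertools import product

# Constructed alternating transition system: states Q, control labels A,
# disturbance labels B, and a total transition map (non-blocking).
Q = ("q0", "q1", "q2")
A = ("a", "c")
B = ("b1", "b2")
TRANS = {
    ("q0", "a", "b1"): "q1", ("q0", "a", "b2"): "q2",
    ("q0", "c", "b1"): "q0", ("q0", "c", "b2"): "q0",
    ("q1", "a", "b1"): "q1", ("q1", "a", "b2"): "q1",
    ("q1", "c", "b1"): "q0", ("q1", "c", "b2"): "q2",
    ("q2", "a", "b1"): "q2", ("q2", "a", "b2"): "q2",
    ("q2", "c", "b1"): "q2", ("q2", "c", "b2"): "q2",
}


def successors(q, a):
    """States reachable from q under control label a for some disturbance b."""
    return {TRANS[(q, a, b)] for b in B}


def strategy(history):
    """A control strategy f : Q^+ -> 2^A - {empty set} that depends on the history."""
    last = history[-1]
    if last == "q0":
        return {"a"}
    if last == "q1":
        # Leave q1 on the first visit, stay there from the second visit on.
        return {"c"} if history.count("q1") < 2 else {"a"}
    return {"a", "c"}


def out_direct(q, f, n):
    """Out^n(q, f) checked literally over all of Q^n (Definition 16)."""
    result = set()
    for s in product(Q, repeat=n):
        if s[0] != q:
            continue
        if all(any(s[i + 1] in successors(s[i], a) for a in f(s[:i + 1]))
               for i in range(n - 1)):
            result.add(s)
    return result


def out_step(prev, f):
    """Lemma 2: extend each sequence of Out^k by one step allowed by f."""
    return {s + (q2,) for s in prev for a in f(s) for q2 in successors(s[-1], a)}


def out_recursive(q, f, n):
    """Out^n(q, f) built from Out^1(q, f) = {q} by repeated use of Lemma 2."""
    current = {(q,)}
    for _ in range(n - 1):
        current = out_step(current, f)
    return current


if __name__ == "__main__":
    for n in range(1, 6):
        print(n, sorted(out_recursive("q0", strategy, n)))
```

Because the strategy depends on the whole history, the outcome sets cannot be obtained from a memoryless successor relation; the recursion has to carry the full prefix, exactly as $f(s[1,k])$ does in Lemma 2.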

Definition 17: Let $\Sigma$ be a linear control system and $q$ a state of $T_\tau(\Sigma)$. We say that the formula
$\varphi$ is satisfied by $q$ under control if and only if there exists a control strategy $f$ such that $\sigma \models \varphi$
for all $\sigma \in Out(q,f)$. Furthermore, we say that the formula $\varphi$ is satisfied by $T_\tau(\Sigma)$ under control
if and only if there exists a state $q$ of $T_\tau(\Sigma)$ such that $\varphi$ is satisfied by $q$ under control.

Let $\tau, \eta, \mu \in \mathbb{R}^+$, $T \in T_{\tau,\eta,\mu}(\Sigma)$ and let $q'$ be a state of $T$. Similarly, we may define that the
formula $\varphi$ is satisfied by $q'$ and $T$ under control.

Lemma 3: Let $T_i = (Q_i, A_i \times B_i, \rightarrow_i, O, H_i)$ ($i = 1, 2$) be two metric, non-blocking alternating
transition systems with the same observation set and the same metric $d$ over $O$. Suppose that
$Q_1$ is finite and $f : (Q_1)^+ \to 2^{A_1} - \{\emptyset\}$ is a control strategy. For any $q_1 \in Q_1$, $q_2 \in Q_2$ and
$\varepsilon \in \mathbb{R}^+$, if $q_1 \sim_\varepsilon q_2$ then there exists a control strategy $f' : (Q_2)^+ \to 2^{A_2} - \{\emptyset\}$ such that for
any $\sigma_2 \in Out(q_2, f')$, $\sigma_1 \sim_\varepsilon \sigma_2$ for some $\sigma_1 \in Out(q_1, f)$.

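Proof: Let $\varepsilon \in \mathbb{R}^+$, $q_1 \in Q_1$, $q_2 \in Q_2$ and $q_1 \sim_\varepsilon q_2$. In order to obtain the desired control
strategy $f'$, we define the subset $\Delta_n$ of $(Q_2)^n$ and the function $f_n : \Delta_n \to 2^{A_2}$ ($n \in \mathbb{N}$)
inductively as follows:

$\Delta_1 = \{q_2\}$ and the function $f_1 : \Delta_1 \to 2^{A_2}$ defined as

$$f_1(q_2) = \{a_2 \in A_2 : \exists a_1 \in f(q_1)\ \forall b_2 \in B_2\ \forall q_2' \in Q_2\ (q_2 \xrightarrow{a_2,b_2}_2 q_2' \Rightarrow \exists b_1 \in B_1\ \exists q_1'\ (q_1 \xrightarrow{a_1,b_1}_1 q_1' \text{ and } q_1' \sim_\varepsilon q_2'))\}.$$

Assume that $\Delta_k$ and $f_k$ have been defined. Now we define $\Delta_{k+1}$ and $f_{k+1}$ below:

$$\Delta_{k+1} = \{s_2 q_2' : s_2 \in \Delta_k \text{ and } \exists a_2 \in f_k(s_2)\ \exists b_2 \in B_2\ (s_2[k] \xrightarrow{a_2,b_2}_2 q_2')\}$$

and the function $f_{k+1} : \Delta_{k+1} \to 2^{A_2}$ defined as: for any $s_2' \in \Delta_{k+1}$,

$$f_{k+1}(s_2') = \{a_2 \in A_2 : \exists s_1' \in Out^{k+1}(q_1, f)\ (s_1' \sim_\varepsilon s_2' \text{ and } \exists a_1 \in f(s_1')\ \forall b_2 \in B_2\ \forall q_2' \in Q_2\ (s_2'[end] \xrightarrow{a_2,b_2}_2 q_2' \Rightarrow \exists b_1 \in B_1\ \exists q_1'\ (s_1'[end] \xrightarrow{a_1,b_1}_1 q_1' \text{ and } q_1' \sim_\varepsilon q_2')))\}.$$

Based on the above definition, we may define $f' : (Q_2)^+ \to 2^{A_2}$ as follows:

$$f'(s) = \begin{cases} f_{|s|}(s) & \text{if } s \in \Delta_{|s|} \\ A_2 & \text{otherwise} \end{cases}$$

Footnote: For any (finite or infinite) sequences $\sigma_1$ and $\sigma_2$, $\sigma_1 \sim_\varepsilon \sigma_2$ if and only if $|\sigma_1| = |\sigma_2|$ and $\sigma_1[i] \sim_\varepsilon \sigma_2[i]$ for all $i \le |\sigma_1|$.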

To show that $f'$ is the desired control strategy, we prove the following three claims in turn.

Claim 1. For any $n \in \mathbb{N}$, we have

($1_n$) $\Delta_n \ne \emptyset$;

($2_n$) for any $s_2 \in \Delta_n$, there exists $s_1 \in Out^n(q_1, f)$ such that $s_1 \sim_\varepsilon s_2$;

($3_n$) for any $s_2 \in \Delta_n$, $f_n(s_2) \ne \emptyset$.

We proceed by induction on $n$.

If $n = 1$ then ($1_n$) and ($2_n$) hold trivially. Since $f$ is a control strategy, we have $f(q_1) \ne \emptyset$.
Let $a_1 \in f(q_1)$. Then by $q_1 \sim_\varepsilon q_2$ and Proposition 1, there exists $a_2 \in A_2$ such that

$$\forall b_2 \in B_2\ \forall q_2' \in Q_2\ (q_2 \xrightarrow{a_2,b_2}_2 q_2' \Rightarrow \exists b_1 \in B_1\ \exists q_1'\ (q_1 \xrightarrow{a_1,b_1}_1 q_1' \text{ and } q_1' \sim_\varepsilon q_2')).$$

Thus $a_2 \in f_n(q_2)$ and then ($3_n$) holds.

Suppose that ($1_k$), ($2_k$) and ($3_k$) hold. We prove ($1_{k+1}$), ($2_{k+1}$) and ($3_{k+1}$) in turn.

($1_{k+1}$) By induction hypothesis, we get $\Delta_k \ne \emptyset$ and $f_k(s_2) \ne \emptyset$ for any $s_2 \in \Delta_k$. Thus there
exist $s_2 \in \Delta_k$ and $a_2 \in f_k(s_2)$. Let $b_2 \in B_2$. Then $s_2[k] \xrightarrow{a_2,b_2}_2 q_2'$ for some $q_2' \in Q_2$. Therefore,
$s_2 q_2' \in \Delta_{k+1}$ and then $\Delta_{k+1} \ne \emptyset$.

($2_{k+1}$) Let $s_2' \in \Delta_{k+1}$. Then by the definition of $\Delta_{k+1}$, there exist $a_2 \in f_k(s_2'[1,k])$ and $b_2 \in
B_2$ such that $s_2'[k] \xrightarrow{a_2,b_2}_2 s_2'[k+1]$. Further, by the definition of $f_k$, there exists $s_1 \in Out^k(q_1, f)$
such that $s_1 \sim_\varepsilon s_2'[1,k]$, $s_1[k] \xrightarrow{a_1,b_1}_1 q_1'$ and $q_1' \sim_\varepsilon s_2'[k+1]$ for some $a_1 \in f(s_1)$, $b_1 \in B_1$ and
$q_1' \in Q_1$. Thus we obtain $s_1 q_1' \in Out^{k+1}(q_1, f)$ and $s_1 q_1' \sim_\varepsilon s_2'$.

($3_{k+1}$) Let $s_2' \in \Delta_{k+1}$. By ($2_{k+1}$), there exists $s_1' \in Out^{k+1}(q_1, f)$ such that $s_1' \sim_\varepsilon s_2'$. So we
have $s_1'[end] \sim_\varepsilon s_2'[end]$. On the other hand, since $f$ is a control strategy, we get $f(s_1') \ne \emptyset$.
Then similar to the case $n = 1$, we may show that $f_{k+1}(s_2') \ne \emptyset$.

Claim 2. $f'$ is a control strategy and $\Delta_n = Out^n(q_2, f')$ for any $n \in \mathbb{N}$.

It follows from Claim 1 and the definition of $f'$ that $f'(s_2) \ne \emptyset$ for any $s_2 \in (Q_2)^+$. Thus by
Definition 16, $f'$ is a control strategy. Next, we show that $\Delta_n = Out^n(q_2, f')$ for any $n \in \mathbb{N}$.

If $n = 1$ then $\Delta_1 = \{q_2\} = Out^1(q_2, f')$. Let $n = k + 1$. By induction hypothesis, we obtain
$\Delta_k = Out^k(q_2, f')$. Moreover, it follows from the definition of $f'$ that $f'(s_2) = f_k(s_2)$ for all
$s_2 \in \Delta_k$. Then, since $\Delta_k = Out^k(q_2, f')$, by the definition of $\Delta_{k+1}$ and Lemma 2, it is clear
that $\Delta_{k+1} = Out^{k+1}(q_2, f')$.

Claim 3. For any $\sigma_2 \in Out(q_2, f')$, there is $\sigma_1 \in Out(q_1, f)$ such that $\sigma_1 \sim_\varepsilon \sigma_2$.

Let $\sigma_2 \in Out(q_2, f')$. By Claim 2, for each $n \in \mathbb{N}$, we have $\sigma_2[1,n] \in \Delta_n$. Then, by Claim 1,
there exist a family of sequences $s^n \in Out^n(q_1, f)$ ($n \in \mathbb{N}$) such that $s^n \sim_\varepsilon \sigma_2[1,n]$ for each
$n \in \mathbb{N}$. Further, since $Q_1$ is finite, it is easy to check that there exists an infinite sequence
$i_1 i_2 \cdots \in \mathbb{N}^\omega$ such that for any $j \in \mathbb{N}$, $i_j < i_{j+1}$ and $s^{i_j}$ is a proper prefix of $s^{i_{j+1}}$, i.e.,
$s^{i_j} \circ s = s^{i_{j+1}}$ for some $s \in (Q_1)^+$. Clearly, for any $k \in \mathbb{N}$, there exists $j \in \mathbb{N}$ such that $k < i_j$.
Furthermore, for any $j, l, k \in \mathbb{N}$, if $k < i_j$ and $k < i_l$, then $s^{i_j}[k] = s^{i_l}[k]$. We define an infinite
sequence $\sigma_1 \in (Q_1)^\omega$ as: for any $k \in \mathbb{N}$, if $k < i_j$ for some $j \in \mathbb{N}$, then we set $\sigma_1[k] = s^{i_j}[k]$. It is easy
to see that $\sigma_1$ is well-defined. Then, since $s^{i_j} \in Out^{i_j}(q_1, f)$ and $s^{i_j} \sim_\varepsilon \sigma_2[1,i_j]$ for all $j \in \mathbb{N}$,
by Definition 16, we have $\sigma_1 \in Out(q_1, f)$ and $\sigma_1 \sim_\varepsilon \sigma_2$. ■

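Lemma 4: Let $\Sigma$ be a linear control system, $\varepsilon, \delta, \tau, \eta, \mu \in \mathbb{R}^+$ and let $T \in T_{\tau,\eta,\mu}(\Sigma)$ be a finite
abstraction of $\Sigma$. For any trajectory $\sigma_1$ of $T_\tau(\Sigma)$ and any trajectory $\sigma_2$ of $T$, if $\sigma_1 \sim_\varepsilon \sigma_2$ then
for any $\mathrm{LTL}_x^\delta$ formula $\psi$, $\sigma_2 \models tr_\varepsilon^\delta(\psi)$ implies $\sigma_1 \models \psi$.

Proof: We argue by induction on the structure of $\psi$. We give two sample cases.

Case 1. $\psi = [\delta]p$. Then by Definition 15, we have $tr_\varepsilon^\delta(\psi) = [\delta + \varepsilon]p$. Let $\sigma_1 \sim_\varepsilon \sigma_2$ and
$\sigma_2 \models tr_\varepsilon^\delta(\psi)$. Therefore, $d(\sigma_1[1], \sigma_2[1]) < \varepsilon$ and $\sigma_2 \models [\delta + \varepsilon]p$. It follows from Definition 13
that $\sigma_2[1] \models [\delta + \varepsilon]p$. To prove $\sigma_1 \models \psi$, by Definition 13, it is enough to show that $q \in p$ for
any $q \in \mathbb{R}^n$ with $d(q, \sigma_1[1]) < \delta$.

Let $q \in \mathbb{R}^n$ and $d(q, \sigma_1[1]) < \delta$. Then it follows from $d(\sigma_1[1], \sigma_2[1]) < \varepsilon$ that $d(q, \sigma_2[1]) \le
d(q, \sigma_1[1]) + d(\sigma_1[1], \sigma_2[1]) < \delta + \varepsilon$. So by $\sigma_2[1] \models [\delta + \varepsilon]p$ and Definition 13, we get $q \in p$.

Case 2. $\psi = \psi_1 \mathrm{U} \psi_2$. It follows from Definition 15 that $tr_\varepsilon^\delta(\psi) = tr_\varepsilon^\delta(\psi_1)\mathrm{U}\,tr_\varepsilon^\delta(\psi_2)$. Let
$\sigma_1 \sim_\varepsilon \sigma_2$ and $\sigma_2 \models tr_\varepsilon^\delta(\psi)$. Thus by Definition 13, for some $j \in \mathbb{N}$, we obtain $\sigma_2[j] \models
tr_\varepsilon^\delta(\psi_2)$ and $\sigma_2[i] \models tr_\varepsilon^\delta(\psi_1)$ for all $1 \le i < j$. Then by Definition 13, $\sigma_2[j,\infty] \models tr_\varepsilon^\delta(\psi_2)$ and
$\sigma_2[i,\infty] \models tr_\varepsilon^\delta(\psi_1)$ for $1 \le i < j$. Moreover, it follows from $\sigma_1 \sim_\varepsilon \sigma_2$ that $\sigma_1[j,\infty] \sim_\varepsilon \sigma_2[j,\infty]$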
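and $\sigma_1[i,\infty] \sim_\varepsilon \sigma_2[i,\infty]$ for all $1 \le i < j$. Further, by induction hypothesis, $\sigma_1[j,\infty] \models \psi_2$
and $\sigma_1[i,\infty] \models \psi_1$ for all $1 \le i < j$. Thus it follows from Definition 13 that $\sigma_1[j] \models \psi_2$ and
$\sigma_1[i] \models \psi_1$ for all $1 \le i < j$. Therefore, we have $\sigma_1[1] \models \psi_1 \mathrm{U} \psi_2$ and then $\sigma_1 \models \psi$. ■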
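The two transformations of Definitions 14 and 15 and the ball semantics of Definition 13 can be exercised on concrete points. The Python sketch below is an added illustration, not code from the paper. It assumes the Euclidean norm, a closed ball for $B_\delta$, evaluation on a finite prefix of a sequence, and only the until operator treated in the sample cases; the half-spaces, the values of $\delta$ and $\varepsilon$, the sample runs and all names are constructed for the example.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Atom:
    """Half-space p = {x : c.x + d < 0}; neg means "not p"; delta=None is a plain atom."""
    c: Tuple[float, ...]
    d: float
    neg: bool = False
    delta: Optional[float] = None


@dataclass(frozen=True)
class Bin:
    op: str            # "and", "or" or "U"
    left: object
    right: object


def tr_delta(phi, delta):
    """Definition 14: p -> [delta]p, not p -> [delta]not p, homomorphic otherwise."""
    if isinstance(phi, Atom):
        return Atom(phi.c, phi.d, phi.neg, delta)
    return Bin(phi.op, tr_delta(phi.left, delta), tr_delta(phi.right, delta))


def tr_eps(psi, eps):
    """Definition 15: replace every [delta] by [delta + eps]."""
    if isinstance(psi, Atom):
        return Atom(psi.c, psi.d, psi.neg, psi.delta + eps)
    return Bin(psi.op, tr_eps(psi.left, eps), tr_eps(psi.right, eps))


def sat_atom(atom, x):
    """Definition 13 for half-spaces, with B_delta assumed to be a closed Euclidean ball."""
    value = sum(ci * xi for ci, xi in zip(atom.c, x)) + atom.d
    radius = (atom.delta or 0.0) * math.sqrt(sum(ci * ci for ci in atom.c))
    if atom.neg:
        return value - radius >= 0.0   # ball is disjoint from p
    return value + radius < 0.0        # ball is contained in p


def sat(phi, seq, i=0):
    """Satisfaction at position i of a finite prefix; an until needs its witness in the prefix."""
    if isinstance(phi, Atom):
        return sat_atom(phi, seq[i])
    if phi.op == "and":
        return sat(phi.left, seq, i) and sat(phi.right, seq, i)
    if phi.op == "or":
        return sat(phi.left, seq, i) or sat(phi.right, seq, i)
    for j in range(i, len(seq)):       # "U": first position where the right side holds
        if sat(phi.right, seq, j):
            return True
        if not sat(phi.left, seq, j):
            return False
    return False                       # no witness inside the prefix


def within_eps(s1, s2, eps):
    """Pointwise distance bound used in the proof of Lemma 4 (equal lengths required)."""
    return len(s1) == len(s2) and all(math.dist(a, b) <= eps for a, b in zip(s1, s2))


# Constructed data: a = {x2 < 1}, b = {x1 > 2}, specification a U b.
A_PROP = Atom((0.0, 1.0), -1.0)
B_PROP = Atom((-1.0, 0.0), 2.0)
PHI0 = Bin("U", A_PROP, B_PROP)
DELTA, EPS = 0.2, 0.1
SPEC_SAMPLED = tr_delta(PHI0, DELTA)          # for the sampled system
SPEC_ABSTRACT = tr_eps(SPEC_SAMPLED, EPS)     # for the finite abstraction

ABSTRACT_RUN = [(0.0, 0.0), (1.0, 0.5), (2.4, 0.6)]
SAMPLED_RUN = [(0.05, 0.05), (1.0, 0.58), (2.35, 0.6)]
# A run that meets the untransformed formula only barely, and a nearby run that misses it.
NAIVE_ABSTRACT = [(0.0, 0.0), (2.05, 0.0)]
NAIVE_SAMPLED = [(0.0, 0.0), (1.97, 0.0)]

if __name__ == "__main__":
    print(sat(SPEC_ABSTRACT, ABSTRACT_RUN), sat(SPEC_SAMPLED, SAMPLED_RUN))
    print(sat(PHI0, NAIVE_ABSTRACT), sat(PHI0, NAIVE_SAMPLED))
```

The second pair of runs shows why the margin is needed: the untransformed formula holds on the abstract run but fails on a run within distance $\varepsilon$ of it, while the strengthened formula rejects that abstract run in the first place.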

Now, we arrive at the main result of this subsection.

Theorem 3: Given an asymptotically stable linear control system $\Sigma$ below

$$\Sigma : \dot{x} = Ax + Bu + Gv, \quad x \in X,\ u \in U,\ v \in V$$

and $\varepsilon, \delta \in \mathbb{R}^+$. For any $\tau, \eta, \mu \in \mathbb{R}^+$ satisfying $\|e^{A\tau}\|\varepsilon + \mu + \eta/2 < \varepsilon$ and for any $T \in T_{\tau,\eta,\mu}(\Sigma)$
and $\mathrm{LTL}_x^\delta$ formula $\psi$, if $tr_\varepsilon^\delta(\psi)$ is satisfied by $T$ under control then $\psi$ is satisfied by $T_\tau(\Sigma)$
under control.

Proof: Let $\tau, \eta, \mu \in \mathbb{R}^+$ such that $\|e^{A\tau}\|\varepsilon + \mu + \eta/2 < \varepsilon$ and let $\psi$ be an $\mathrm{LTL}_x^\delta$ formula.
Suppose that $tr_\varepsilon^\delta(\psi)$ is satisfied by $T$ under control. Then it follows from Definition 17 that there
exists a state $q_2$ of $T$ such that $tr_\varepsilon^\delta(\psi)$ is satisfied by $q_2$ under control. Thus there exists a control
strategy $f : Q^+ \to 2^A - \{\emptyset\}$ such that

$$\sigma_2 \models tr_\varepsilon^\delta(\psi) \text{ for all } \sigma_2 \in Out(q_2, f). \qquad (6)$$

Moreover, it follows from Theorem 1 that $q_1 \sim_\varepsilon q_2$ for some state $q_1$ of $T_\tau(\Sigma)$. Therefore,
by Lemma 3, there exists a control strategy $f' : (Q_\tau)^+ \to 2^{A_\tau} - \{\emptyset\}$ such that for any $\sigma_1 \in
Out(q_1, f')$, $\sigma_1 \sim_\varepsilon \sigma_2$ for some $\sigma_2 \in Out(q_2, f)$. Further, by Lemma 4 and (6), we get $\sigma_1 \models \psi$
for any $\sigma_1 \in Out(q_1, f')$. Thus it follows from Definition 17 that $\psi$ is satisfied by $q_1$ under
control. Then $\psi$ is satisfied by $T_\tau(\Sigma)$ under control. ■

Immediately, we have the following result.

Corollary 1: Given an asymptotically stable linear control system $\Sigma$ below

$$\Sigma : \dot{x} = Ax + Bu + Gv, \quad x \in X,\ u \in U,\ v \in V$$

and $\varepsilon, \delta \in \mathbb{R}^+$. For any $\tau, \eta, \mu \in \mathbb{R}^+$ satisfying $\|e^{A\tau}\|\varepsilon + \mu + \eta/2 < \varepsilon$ and for any $T \in T_{\tau,\eta,\mu}(\Sigma)$
and LTL_x formula $\varphi_0$, if $tr_\varepsilon^\delta(tr_\delta(\varphi_0))$ is satisfied by $T$ under control then $tr_\delta(\varphi_0)$ is satisfied
by $T_\tau(\Sigma)$ under control.

Proof: Follows from Definition 14 and Theorem 3. ■

In this section, the functions $tr_\delta$ and $tr_\varepsilon^\delta$ play central roles. We use these functions to transform
LTL_x formula $\varphi_0$ to $\mathrm{LTL}_x^\delta$ formula $tr_\delta(\varphi_0)$ and $\mathrm{LTL}_x^{\delta+\varepsilon}$ formula $tr_\varepsilon^\delta(tr_\delta(\varphi_0))$, respectively.
Similar method has been adopted in [|27l to offer a logical characterization of A— bisimulation [|25| . 



V. Controller of $\Sigma$ derived from control strategy of finite abstraction

This section will demonstrate that, under some assumptions, given an initial state $q$ and a
control strategy $f$ of finite abstraction enforcing $tr_\varepsilon^\delta(tr_\delta(\varphi_0))$, there exists a controller of $\Sigma$
derived from $q$ and $f$ which enforces $\Sigma$ satisfying $\varphi_0$.

Definition 18: Given a linear control system $\Sigma$ below

$$\Sigma : \dot{x} = Ax + Bu + Gv, \quad x \in X,\ u \in U,\ v \in V$$

and $\tau \in \mathbb{R}^+$. A $\tau$-controller of $\Sigma$ is a pair $C = (X_0, f_c)$, where $X_0 \subseteq X$ denotes a set of initial
states and $f_c$ is a partial function from $X^+$ to $A_\tau$. The function $f_c$ is said to be a $\tau$-controller
function.

Definition 19: Given a linear control system $\Sigma$ with state space $X$ and $\varepsilon, \tau, \eta, \mu \in \mathbb{R}^+$. Let
$T \in T_{\tau,\eta,\mu}(\Sigma)$ and $T = (Q, A, B, \rightarrow, \mathbb{R}^n, H)$. Suppose that $q_0 \in Q$ and $f : Q^+ \to 2^A - \{\emptyset\}$ is a
control strategy of $T$. Then a $\tau$-controller $C = (X_0, f_c)$ of $\Sigma$ is said to be derived from $q_0$ and
$f$ if and only if the following hold:

(1) $X_0 = \{q \in X : d(q, q_0) < \varepsilon\}$,

(2) for any $s \in X^+$, if there exists $s_1 \in Out^+(q_0, f)$ such that $s \sim_\varepsilon s_1$ then $f_c(s)$ is defined and
$\|\mathbf{x}(\tau, 0, f_c(s), 0) - a\| < \mu/2$ for some $s' \in Out^+(q_0, f)$ and $a \in f(s')$ with $s \sim_\varepsilon s'$, otherwise
$f_c(s)$ is undefined.

The following result reveals that, for any initial state $q_0$ and control strategy $f$ of finite
abstraction, there exists some controller $C = (X_0, f_c)$ of $\Sigma$ derived from $q_0$ and $f$.

Lemma 5: Given a linear control system $\Sigma$ with state space $X$ and $\varepsilon, \tau, \eta, \mu \in \mathbb{R}^+$. Let
$T \in T_{\tau,\eta,\mu}(\Sigma)$ and $T = (Q, A, B, \rightarrow, \mathbb{R}^n, H)$. Then for any $q_0 \in Q$ and control strategy $f :
Q^+ \to 2^A - \{\emptyset\}$, there exists a $\tau$-controller $C = (X_0, f_c)$ of $\Sigma$ derived from $q_0$ and $f$.

Proof: Let $q_0 \in Q$ and let $f : Q^+ \to 2^A - \{\emptyset\}$ be a control strategy of $T$. We set

$$\Delta = \{s \in X^+ : s \sim_\varepsilon s_1 \text{ for some } s_1 \in Out^+(q_0, f)\}.$$

So for each $s \in \Delta$, there exists $a \in A$ such that $a \in f(s_1)$ and $s \sim_\varepsilon s_1$ for some $s_1 \in Out^+(q_0, f)$.
Moreover, for any a G A, by T G Tr ,,^^(S), Definition [2] and [3] and the definitions of TZ_a^ and 
dfi, there exists $u \in A_\tau$ such that $\|\mathbf{x}(\tau, 0, u, 0) - a\| < \mu/2$. Thus for each $s \in \Delta$, there exists

Footnote: $A_\tau = \{u \in \mathcal{U} : \text{the domain of } u \text{ is } [0, \tau]\}$, see Definition 2.

some control input $u \in A_\tau$ such that $\|\mathbf{x}(\tau, 0, u, 0) - a\| < \mu/2$ for some $s_1 \in Out^+(q_0, f)$ and
a E /(si) with s ~£ Si. Such control input may not be unique. For each s G A, we fix G A^-, 
which is one of such control inputs. Further, we define a partial function fc : — )■ A^- as 



It is easy to see that $(X_0, f_c)$ is a $\tau$-controller derived from $q_0$ and $f$, where $X_0 = \{q \in X :
d(q, q_0) < \varepsilon\}$. ■

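To illustrate the execution of linear system $\Sigma$ with a $\tau$-controller derived from $q_0$ and $f$, the
following proposition is needed.

Proposition 4: Given an asymptotically stable linear control system $\Sigma$ below

$$\Sigma : \dot{x} = Ax + Bu + Gv, \quad x \in X,\ u \in U,\ v \in V.$$

Let $\varepsilon, \tau, \eta, \mu \in \mathbb{R}^+$, $T \in T_{\tau,\eta,\mu}(\Sigma)$, $T = (Q, A, B, \rightarrow, \mathbb{R}^n, H)$, $q_0 \in Q$, $f$ a control strategy of $T$
and let $C = (X_0, f_c)$ be a $\tau$-controller derived from $q_0$ and $f$. Assume that $\|e^{A\tau}\|\varepsilon + \mu + \eta/2 < \varepsilon$.
For any $s \in X^+$ and $q \in X$, if $f_c(s)$ is defined and $s[end] \xrightarrow[\tau]{f_c(s),\,v} q$ for some $v \in B_\tau$ (see
Definition 2) then there exists $s_1 \in Out^+(q_0, f)$ such that $sq \sim_\varepsilon s_1$.

Proof: Let $s \in X^+$ and $q \in X$. Suppose that $f_c(s)$ is defined and $s[end] \xrightarrow[\tau]{f_c(s),\,v} q$ for some
$v \in B_\tau$. Then by Definition 19, there exist $s_1 \in Out^+(q_0, f)$ and $a \in f(s_1)$ such that $s \sim_\varepsilon s_1$ and
$\|\mathbf{x}(\tau, 0, f_c(s), 0) - a\| < \mu/2$. So to complete the proof, it is enough to show that $s_1[end] \xrightarrow{a,b} q'$
and $q \sim_\varepsilon q'$ for some $q' \in Q$ and $b \in B$. By $s[end] \xrightarrow[\tau]{f_c(s),\,v} q$ and Definition 2, we obtain
$q = \mathbf{x}(\tau, s[end], f_c(s), v) = \mathbf{x}(\tau, s[end], 0, 0) + \mathbf{x}(\tau, 0, f_c(s), 0) + \mathbf{x}(\tau, 0, 0, v)$. By Definition 3,
there exists $b \in B$ such that $\|\mathbf{x}(\tau, 0, 0, v) - b\| < \mu/2$. Thus it follows that $s_1[end] \xrightarrow{a,b} q'$ for
some state $q' \in Q$ of $T$. Next, we show that $d(q, q') < \varepsilon$. By $s_1[end] \xrightarrow{a,b} q'$ and Definition 3,
we have $\|\mathbf{x}(\tau, s_1[end], 0, 0) + a + b - q'\| < \eta/2$. It follows that

$$
\begin{aligned}
&\|\mathbf{x}(\tau, s[end], 0, 0) + a + b - q'\| \\
&\quad \le \|\mathbf{x}(\tau, s[end], 0, 0) + a + b - \mathbf{x}(\tau, s_1[end], 0, 0) + \mathbf{x}(\tau, s_1[end], 0, 0) - q'\| \\
&\quad \le \|\mathbf{x}(\tau, s[end], 0, 0) - \mathbf{x}(\tau, s_1[end], 0, 0)\| + \|\mathbf{x}(\tau, s_1[end], 0, 0) + a + b - q'\| \\
&\quad \le \|e^{A\tau}\| \cdot \|s[end] - s_1[end]\| + \eta/2 \\
&\quad \le \|e^{A\tau}\| \cdot \varepsilon + \eta/2.
\end{aligned}
$$

Thus we get

$$
\begin{aligned}
\|q - q'\| &= \|q - \mathbf{x}(\tau, s[end], 0, 0) - a - b + \mathbf{x}(\tau, s[end], 0, 0) + a + b - q'\| \\
&\le \|q - \mathbf{x}(\tau, s[end], 0, 0) - a - b\| + \|\mathbf{x}(\tau, s[end], 0, 0) + a + b - q'\| \\
&\le \|q - \mathbf{x}(\tau, s[end], 0, 0) - a - b\| + \|e^{A\tau}\| \cdot \varepsilon + \eta/2 \\
&= \|\mathbf{x}(\tau, s[end], 0, 0) + \mathbf{x}(\tau, 0, f_c(s), 0) + \mathbf{x}(\tau, 0, 0, v) - \mathbf{x}(\tau, s[end], 0, 0) - a - b\| + \|e^{A\tau}\| \cdot \varepsilon + \eta/2 \\
&\le \|\mathbf{x}(\tau, 0, f_c(s), 0) - a\| + \|\mathbf{x}(\tau, 0, 0, v) - b\| + \|e^{A\tau}\| \cdot \varepsilon + \eta/2 \\
&\le \mu + \|e^{A\tau}\| \cdot \varepsilon + \eta/2 \\
&< \varepsilon.
\end{aligned}
$$

So by Theorem 1 and $\|e^{A\tau}\|\varepsilon + \mu + \eta/2 < \varepsilon$, we obtain $q \sim_\varepsilon q'$ and then $sq \sim_\varepsilon s_1 q'$. ■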
Given an initial state $q_0$ and a control strategy $f$ of finite abstraction $T$, the execution of system
$\Sigma$ with a controller $(X_0, f_c)$ derived from $q_0$ and $f$ is described below. We start this execution
from some state $\mathbf{x}(0) \in X_0$ (i.e., $d(\mathbf{x}(0), q_0) < \varepsilon$). Then the controller function $f_c$ provides a control
input $f_c(\mathbf{x}(0))$, which is applied to $\Sigma$ on the time interval $[0, \tau)$. At time $\tau$, the system $\Sigma$ reaches
a state $\mathbf{x}(\tau)$ from $\mathbf{x}(0)$ with control input $f_c(\mathbf{x}(0))$ and some disturbance input. By Proposition 4,
there exists a state $q_1$ of $T_{\tau,\eta,\mu}(\Sigma)$ such that $q_0 q_1 \in Out^+(q_0, f)$ and $q_0 q_1 \sim_\varepsilon \mathbf{x}(0)\mathbf{x}(\tau)$. Then the
controller function $f_c$ offers a control input $f_c(\mathbf{x}(0)\mathbf{x}(\tau))$, which is applied on the time interval
$[\tau, 2\tau)$. The process repeats in this manner. Here we just informally describe the execution of
$\Sigma$ with a controller $(X_0, f_c)$. Clearly, whether such an execution exists depends on whether
$f_c$ is defined at points of the form $\mathbf{x}(0)\mathbf{x}(\tau)\mathbf{x}(2\tau)\cdots\mathbf{x}(n\tau)$. This issue will be considered in
Proposition 5.

The above execution produces trajectories of $\Sigma$ with a controller derived from $q_0$ and $f$, which
are formally defined below.

Definition 20: Given an asymptotically stable linear control system $\Sigma$ below

$$\Sigma : \dot{x} = Ax + Bu + Gv, \quad x \in X,\ u \in U,\ v \in V.$$

Let $\varepsilon, \tau, \eta, \mu \in \mathbb{R}^+$ and let $T \in T_{\tau,\eta,\mu}(\Sigma)$ be a finite abstraction of $\Sigma$. Suppose that $T =
(Q, A, B, \rightarrow, \mathbb{R}^n, H)$, $q_0 \in Q$, $f$ is a control strategy of $T$ and $C = (X_0, f_c)$ is a $\tau$-controller
derived from $q_0$ and $f$. Then $\mathbf{x} : \mathbb{R}_0^+ \to X$ is said to be a trajectory of $\Sigma$ with $\tau$-controller $C$ if
and only if for any $n \in \mathbb{N}$, $f_c(\sigma_\mathbf{x}[1,n])$ is defined and there exists $v_n \in B_\tau$ (see Definition 2)
such that $\dot{\mathbf{x}}(t) = A\mathbf{x}(t) + B f_c(\sigma_\mathbf{x}[1,n])(t) + G v_n(t)$ for any $t \in \mathbb{R}_0^+$ with $(n-1)\tau \le t < n\tau$,
where $\sigma_\mathbf{x} = \mathbf{x}(0)\mathbf{x}(\tau)\cdots$.

Due to the following result, given a controller derived from $q_0$ and $f$, the trajectory of $\Sigma$ with
this controller indeed exists.

Proposition 5: Given an asymptotically stable linear control system $\Sigma$ below

$$\Sigma : \dot{x} = Ax + Bu + Gv, \quad x \in X,\ u \in U,\ v \in V.$$

Let $\varepsilon, \tau, \eta, \mu \in \mathbb{R}^+$ such that $\|e^{A\tau}\|\varepsilon + \mu + \eta/2 < \varepsilon$ and let $T \in T_{\tau,\eta,\mu}(\Sigma)$ be a finite abstraction of
$\Sigma$. Suppose that $T = (Q, A, B, \rightarrow, \mathbb{R}^n, H)$, $q_0 \in Q$, $f$ is a control strategy of $T$ and $C = (X_0, f_c)$
is a $\tau$-controller derived from $q_0$ and $f$. Then we have

(1) there exists at least one trajectory $\mathbf{x} : \mathbb{R}_0^+ \to X$ of $\Sigma$ with $\tau$-controller $C$, and

(2) for any such trajectory $\mathbf{x} : \mathbb{R}_0^+ \to X$, there exists $\sigma \in Out(q_0, f)$ such that $\sigma \sim_\varepsilon \sigma_\mathbf{x}$ with
$\sigma_\mathbf{x} = \mathbf{x}(0)\mathbf{x}(\tau)\cdots$.

Proof: (1) We demonstrate the claim below first. 

Claim. There exist a family of trajectories x„ : [0, r] — )■ X G N) such that for any 
n G N, x„_i(r) = x„(0) if n > 1, /c(s„) is defined and for some disturbance input v„ G -Br, 
= Ax„(t) + B/,(s„)(t) + Gv„(t) for all t G [0, r], where s„ = Xi(0)x2(0) ■ ■ ■ x„(0). 

We construct such trajectories by induction on n. Let n = \. Since go is a state of finite 
abstraction T, by Definition [3l we have go G X. It is clear that go ~£ go and go G Out^{qo, /). 
Thus by Definition [l9l /c(go) is defined and /c(go) G A,-. Further, since S is forward-complete, 
given an arbitrary disturbance input vi G B^-, there exists a trajectory xi : [0, r] — )► X such 
that xi(0) = go and xi(t) = Axi(t) + B/c(go)(t) + Gvi{t) for all t G [0,r]. Clearly, xi is the 
desired one. 

Suppose that n = i + 1 and we already have trajectories xi,X2,---Xj such that for any 
k < i, Xfc_i(r) = Xfc(O) if A; > 1, /c(sfc) is defined and for some disturbance input G B^-, 
±k{t) = Axfc(t) + B/e(sfc)(t) + Gvfe(t) for all t G [0,r], where Sk = Xi(0)x2(0) ■ ■ ■ Xfc(O). 
Thus by Definition [21 we get Xj(0) Jjl^flhXl^^ Xi(r). Further, by Proposition |4l there exists 
s G Out~^{qo, f) such that Sj oxj(r) ~£ s. Thus by Definition [T9l /c(sj oxj(r)) is defined. Then 
similar to the above, there exists a trajectory Xj+i : [0,r] — )■ X such that Xj_|_i(0) = Xj(r) and 
for some v^+i G 5^, Xi+i(t) = Axi+i(t) + B/c(si+i)(t) + Gvi+i(t) for all t G [0,r]. 
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Now, we return to the proof of this proposition. By the above claim, there exist a family of 
trajectories Xj : [0, r] — )■ X (i G N) satisfying the conditions in the above claim. Then based on 
these trajectories, a function x : — )■ X is defined as: for any t E M°, if t G [{i — l)r, zr) 
for some i G N then we set x(t) = Xj(t). Clearly, \J{[{i - l)r, ir) : i G N} = R° and 
[{i — l)r, ir) n [(j — l)r, jr) = for all i,j eN with i ^ j. Thus for any t E M^, there exists 
unique i E N such that t E [{i — l)r, ir). So the function x is well-defined. By the above claim 
and Definition [20l x is a trajectory of S with r-controUer C. 

(2) Let X be a trajectory of S with r-controUer C and ctx = x(0)x(r) ■ ■ • . Then by Defini- 
tion [2Ql /c(o"x[l,^]) is defined for any n E N. Thus it follows from Definition [T9l there exist 
a family of sequences s„ G Out^{qo, f) (n E N) such that s„ ~e crx[l,r2] for each n E N. 
Moreover, since $T$ is finite, the state set $Q$ is finite. Then it is easy to check that there exists
an infinite sequence $i_1 i_2 \cdots \in \mathbb{N}^\omega$ such that for any $j \in \mathbb{N}$, $i_j < i_{j+1}$ and $s_{i_j}$ is a proper prefix
of $s_{i_{j+1}}$. Clearly, for any $k \in \mathbb{N}$, there exists $j \in \mathbb{N}$ such that $k < i_j$. Furthermore, for any
$j, l, k \in \mathbb{N}$, if $k < i_j$ and $k < i_l$, then $s_{i_j}[k] = s_{i_l}[k]$. Then we define an infinite sequence
$\sigma \in Q^\omega$ as: for any $k \in \mathbb{N}$, if $k < i_j$ for some $j \in \mathbb{N}$, then we set $\sigma[k] = s_{i_j}[k]$. It is clear
that a is well-defined. Then, since Sj^ G Out^{qo, f) and Si. ~e crx[l,^j] for all j E N, by 
Definition 16, we have $\sigma \in Out(q_0, f)$ and $\sigma \sim_\varepsilon \sigma_x$. ■

The following result demonstrates that under some assumptions, given an LTL$_{-X}$ formula $\varphi_0$
as specification, if $\sigma \models tr_f(tr_s(\varphi_0))$ for any $\sigma \in Out(q_0, f)$, then all trajectories of $\Sigma$ with a
controller derived from $q_0$ and $f$ satisfy specification $\varphi_0$.

Theorem 4: Given an asymptotically stable linear control system $\Sigma$ below

$\Sigma : \dot{x} = Ax + Bu + Gv, \quad x \in X,\ u \in U,\ v \in V.$

Let $\varepsilon, \tau, \eta, \mu \in \mathbb{R}^+$, $\varphi_0$ an LTL$_{-X}$ formula, $T \in T_{\tau,\eta,\mu}(\Sigma)$ a finite abstraction of $\Sigma$, $q_0$ a state
of $T$, $f$ a control strategy of $T$ and let $C = (X_0, f_C)$ be a $\tau$-controller derived from $q_0$ and $f$.
Assume that $\|e^{A\tau}\|\varepsilon + \mu + \eta/2 < \varepsilon$ and $\|x(t) - x((n-1)\tau)\| < \delta$ for any trajectory $x$ of $\Sigma$
and for any $n \in \mathbb{N}$ and $t \in [(n-1)\tau, n\tau)$. If $\sigma \models tr_f(tr_s(\varphi_0))$ for any $\sigma \in Out(q_0, f)$, then all
trajectories of $\Sigma$ with $\tau$-controller $C$ satisfy $\varphi_0$.

Proof: Suppose that $\sigma \models tr_f(tr_s(\varphi_0))$ for any $\sigma \in Out(q_0, f)$. Let $x : \mathbb{R}_0^+ \to X$ be a
trajectory of $\Sigma$ with $\tau$-controller $C$ and $\sigma_x = x(0)x(\tau)\cdots$. Then by (2) in Proposition 5 there
exists $\sigma \in Out(q_0, f)$ such that $\sigma \sim_\varepsilon \sigma_x$. Thus by $\sigma \models tr_f(tr_s(\varphi_0))$ and Lemma HI we get
$\sigma_x \models tr_s(\varphi_0)$. Therefore, since $\|x(t) - x((n-1)\tau)\| < \delta$ for any $n \in \mathbb{N}$ and $t \in [(n-1)\tau, n\tau)$,
it follows from Theorem 2 that $x \models \varphi_0$. ■

Now we arrive at the main result of this section.

Theorem 5: Given an asymptotically stable linear control system $\Sigma$ below

$\Sigma : \dot{x} = Ax + Bu + Gv, \quad x \in X,\ u \in U,\ v \in V.$

Let $\varepsilon, \tau, \eta, \mu \in \mathbb{R}^+$, $\varphi_0$ an LTL$_{-X}$ formula and let $T \in T_{\tau,\eta,\mu}(\Sigma)$ be a finite abstraction of $\Sigma$.
Assume that $\|e^{A\tau}\|\varepsilon + \mu + \eta/2 < \varepsilon$ and $\|x(t) - x((n-1)\tau)\| < \delta$ for any trajectory $x$ of $\Sigma$ and
for any $n \in \mathbb{N}$ and $t \in [(n-1)\tau, n\tau)$. If there exists a state $q_0$ and a control strategy $f$ of $T$ such
that $\sigma \models tr_f(tr_s(\varphi_0))$ for any $\sigma \in Out(q_0, f)$, then there exists some $\tau$-controller $C = (X_0, f_C)$
derived from $q_0$ and $f$ satisfying the following conditions:

(1) there exists at least one trajectory of $\Sigma$ with $\tau$-controller $C$, and

(2) all trajectories of $\Sigma$ with $\tau$-controller $C$ satisfy $\varphi_0$.

Proof: Suppose that there exists a state $q_0$ and a control strategy $f$ of $T$ so that $\sigma \models
tr_f(tr_s(\varphi_0))$ for any $\sigma \in Out(q_0, f)$. Then by Lemma 5 there exists a $\tau$-controller $C = (X_0, f_C)$
derived from $q_0$ and $f$. Further, (1) follows from Proposition 5 and (2) is implied by Theorem 4. ■

In the above two theorems, the assumption $\|e^{A\tau}\|\varepsilon + \mu + \eta/2 < \varepsilon$ is introduced by Pola and
Tabuada to guarantee that the finite abstraction and the sample system of the given linear system
are A$\varepsilon$A bisimilar (see Theorem 1).

VI. Conclusion and future work 

In order to provide a framework for designing controllers for systems affected by disturbances,
Pola and Tabuada introduce finite abstractions for these systems [19], [22]. This paper concerns
itself with the relationship between the control strategy of these abstractions and the controller
of the original control systems. Similar work has been developed for control systems without
disturbances [6], [8], [10]. In these works, since finite abstractions and the original control systems
share the same properties of interest, the formal design of control systems may be equivalently
performed on the corresponding finite abstractions.

This paper points out that Pola and Tabuada's finite abstraction and its original control system
do not always share the identical properties described by LTL$_{-X}$ formulae under control (see
Example [Hand 121). Thus, if we adopt the same formula $\varphi_0$ as the specification of control systems and
finite abstractions, the formal design of the latter may not be helpful for the former. This paper
tries to fill this gap between finite abstractions and control systems with disturbances. To this
end, the specification transforming function $\lambda\varphi.\,tr_f(tr_s(\varphi))$ is introduced, which transforms a
specification for control systems to one for finite abstractions. We illustrate that under some
assumption, given an initial state $q$ and a control strategy $f$ of a finite abstraction enforcing
$tr_f(tr_s(\varphi_0))$, there exists a controller derived from $q$ and $f$ such that the trajectories of
$\Sigma$ with this controller satisfy $\varphi_0$ (see Theorem 5). In another paper [28], we also provide an
algorithm to obtain an initial state and a control strategy which enforces a given finite abstraction
satisfying desired specification. These results indicate that Pola and Tabuada's abstractions may
be a useful tool in the formal design of control systems with disturbance inputs.

However, this paper only proves the existence of a controller derived from the given initial state
$q$ and control strategy $f$, but does not offer a construction of such a controller. In other words,
Definition 19 just tells us what a controller derived from $q$ and $f$ is, but does not provide a way
to obtain it. Clearly, how to obtain such a controller is a topic worthy of further study.